HTTP: Apple Safari WebKit Menu Onchange Memory Corruption
This signature detects attempts to exploit a code execution vulnerability in Apple Safari. It is due to memory corruption when processing the on-change event when applied to Menus. A remote attacker can exploit this by enticing a target user to open a maliciously crafted Web page. In a successful attack the behavior of the target machine depends entirely on the intention of the injected code, which would run within the security context of the logged on user. In an unsuccessful attack, the vulnerable application can terminate abnormally.
Extended Description
Webkit for iPhone and iPod touch is prone to a memory-corruption vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. Successfully exploiting these issues may allow attackers to crash the affected device or execute arbitrary code. This issue affects iOS 2.0 through 4.0.2 for iPhone 3G and later and iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later. NOTE: This issue was previously discussed in BID 43070 (Apple iPhone/iPod touch Prior to iOS 4.1 Multiple Vulnerabilities) but has been given its own record to better document it.
Affected Products
Apple ipod_touch,Suse opensuse
Short Name
HTTP:STC:SAFARI:WEBKIT-MENU-MEM
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apple CVE-2010-1814 Corruption Memory Menu Onchange Safari WebKit bid:43083
Release Date
12/21/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Red_hat
Webkit_open_source_project
Suse
Apple
Ubuntu
Mandriva
CVSS Score
6.8