CVE-2010-0053

{"id": "CVE-2010-0053", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-03-15T14:15:32.167", "references": [{"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html", "source": "product-security@apple.com"}, {"url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html", "source": "product-security@apple.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html", "source": "product-security@apple.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html", "source": "product-security@apple.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html", "source": "product-security@apple.com"}, {"url": "http://osvdb.org/62948", "source": "product-security@apple.com"}, {"url": "http://secunia.com/advisories/41856", "source": "product-security@apple.com"}, {"url": "http://secunia.com/advisories/43068", "source": "product-security@apple.com"}, {"url": "http://support.apple.com/kb/HT4070", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://support.apple.com/kb/HT4225", "source": "product-security@apple.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039", "source": "product-security@apple.com"}, {"url": "http://www.securityfocus.com/bid/38671", "source": "product-security@apple.com"}, {"url": "http://www.securitytracker.com/id?1023708", "source": "product-security@apple.com"}, {"url": "http://www.ubuntu.com/usn/USN-1006-1", "source": "product-security@apple.com"}, {"url": "http://www.vupen.com/english/advisories/2010/2722", "source": "product-security@apple.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0212", "source": "product-security@apple.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0552", "source": "product-security@apple.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7323", "source": "product-security@apple.com"}, {"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/62948", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/41856", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/43068", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.apple.com/kb/HT4070", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.apple.com/kb/HT4225", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/38671", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1023708", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-1006-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/2722", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2011/0212", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2011/0552", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7323", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property."}, {"lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n en WebKit de Apple Safari anterior a la v4.0.5, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de vectores relacionados con la propiedad de run-in de visualizar las Hojas de Estilo en Cascada -Cascading Style Sheets, CSS-"}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1816CD6-0159-4684-A54D-94866D3FE570", "versionEndIncluding": "4.0.4"}, {"criteria": "cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB"}, {"criteria": "cpe:2.3:a:apple:safari:4.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DC87F61-3463-468A-BF0B-070816BBC3CA"}, {"criteria": "cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02EAC196-AE43-4787-9AF9-E79E2E1BBA46"}, {"criteria": "cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2FD40E4-D4C9-492E-8432-ABC9BD2C7E67"}, {"criteria": "cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36EA71E0-63F7-46FF-AF11-792741F27628"}, {"criteria": "cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E36485-565D-4FAA-A6AD-57DF42D47462"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\r\n\r\nCVE-ID: CVE-2010-0053\r\nAvailable for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,\r\nMac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later,\r\nWindows 7, Vista, XP\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A use-after-free issue exists in the rendering of\r\ncontent with a CSS display property set to 'run-in'. Visiting a\r\nmaliciously crafted website may lead to an unexpected application\r\ntermination or arbitrary code execution. This issue is addressed\r\nthrough improved memory reference tracking. Credit to wushi of\r\nteam509, working with TippingPoint's Zero Day Initiative for\r\nreporting this issue.", "sourceIdentifier": "product-security@apple.com"}