VulDB: Apple Safari up to 5.x buffer overflow [CVE-2010-1778]
General

scipID: 4171
Affected: Apple Safari up to 5.x
Published: 07/22/2010
Risk: critical
Entry: 93.7% complete
Created: 08/19/2010
Updated: 09/03/2012
Summary
A vulnerability classified as critical was found in Apple Safari up to 5.x. An unknown function is affected. Manipulation with an unknown input leads to a buffer overflow. The vulnerability is known to affect confidentiality, integrity, and availability.
The weakness was published on 07/22/2010 by Apple. The advisory is available at support.apple.com. The vulnerability has been identified as CVE-2010-1778 since 05/06/2010. The attack can be launched remotely. Technical details are unknown and no exploit is publicly available.
The vulnerability was handled as a non-public zero-day exploit for at least 6 days. The vulnerability scanner Nessus provides a plugin with the ID 47888 (Safari < 5.0.1 Multiple Vulnerabilities), which helps to determine whether the flaw exists in a target environment. The plugin is assigned to the family Windows and runs in the local context.
Applying a patch eliminates this problem. The bugfix is available for download at support.apple.com. A possible mitigation was published 6 days after the disclosure of the vulnerability. The vulnerability is also documented in the databases OSVDB (66844), Secunia (SA40664) and SecurityFocus (BID 42020).
CVSS
Base Score: 6.0 (CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Network | Medium | Single | Partial | Partial | Partial |
Exploiting
Class: Buffer overflow
Local: No
Remote: Yes
Availability: No
Nessus ID: 47888
Nessus Name: Safari < 5.0.1 Multiple Vulnerabilities
Nessus Family: Windows
Nessus Context: local
Countermeasures
Recommended: Upgrade
Reaction Time: 6 days since reported
0-Day Time: 6 days since found
Exposure Time: 6 days since known
Patch: support.apple.com
Timeline
05/06/2010 | CVE assigned
07/22/2010 | Advisory disclosed
07/28/2010 | Countermeasure disclosed
07/28/2010 | Nessus plugin released
08/04/2010 | OSVDB entry created
08/19/2010 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: support.apple.com
Company: Apple
Confirmation: support.apple.com
OSVDB: 66844
CVE: CVE-2010-1778 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 40664
SecurityFocus: 42020