CVE-2010-0046 (GCVE-0-2010-0046)

Vulnerability from cvelistv5 – Published: 2010-03-12 20:00 – Updated: 2024-08-07 00:37
VLAI?
Summary
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
http://www.vupen.com/english/advisories/2010/2722 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/43068 third-party-advisoryx_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-1006-1 vendor-advisoryx_refsource_UBUNTU
http://www.securitytracker.com/id?1023708 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/41856 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0212 vdb-entryx_refsource_VUPEN
http://support.apple.com/kb/HT4225 x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://support.apple.com/kb/HT4070 x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://www.vupen.com/english/advisories/2011/0552 vdb-entryx_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
http://www.securityfocus.com/bid/38671 vdb-entryx_refsource_BID
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:37:52.960Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2011:039",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
          },
          {
            "name": "APPLE-SA-2010-03-11-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
          },
          {
            "name": "ADV-2010-2722",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2722"
          },
          {
            "name": "43068",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43068"
          },
          {
            "name": "USN-1006-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1006-1"
          },
          {
            "name": "1023708",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023708"
          },
          {
            "name": "41856",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41856"
          },
          {
            "name": "ADV-2011-0212",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0212"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4225"
          },
          {
            "name": "FEDORA-2010-8360",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html"
          },
          {
            "name": "oval:org.mitre.oval:def:7053",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7053"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4070"
          },
          {
            "name": "SUSE-SR:2011:002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
          },
          {
            "name": "ADV-2011-0552",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0552"
          },
          {
            "name": "FEDORA-2010-8379",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html"
          },
          {
            "name": "APPLE-SA-2010-06-21-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
          },
          {
            "name": "38671",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38671"
          },
          {
            "name": "FEDORA-2010-8423",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "MDVSA-2011:039",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
        },
        {
          "name": "APPLE-SA-2010-03-11-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
        },
        {
          "name": "ADV-2010-2722",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2722"
        },
        {
          "name": "43068",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43068"
        },
        {
          "name": "USN-1006-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1006-1"
        },
        {
          "name": "1023708",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023708"
        },
        {
          "name": "41856",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41856"
        },
        {
          "name": "ADV-2011-0212",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0212"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4225"
        },
        {
          "name": "FEDORA-2010-8360",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html"
        },
        {
          "name": "oval:org.mitre.oval:def:7053",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7053"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4070"
        },
        {
          "name": "SUSE-SR:2011:002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
        },
        {
          "name": "ADV-2011-0552",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0552"
        },
        {
          "name": "FEDORA-2010-8379",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html"
        },
        {
          "name": "APPLE-SA-2010-06-21-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
        },
        {
          "name": "38671",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38671"
        },
        {
          "name": "FEDORA-2010-8423",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-0046",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2011:039",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
            },
            {
              "name": "APPLE-SA-2010-03-11-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
            },
            {
              "name": "ADV-2010-2722",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2722"
            },
            {
              "name": "43068",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "USN-1006-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1006-1"
            },
            {
              "name": "1023708",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1023708"
            },
            {
              "name": "41856",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41856"
            },
            {
              "name": "ADV-2011-0212",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            },
            {
              "name": "http://support.apple.com/kb/HT4225",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4225"
            },
            {
              "name": "FEDORA-2010-8360",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html"
            },
            {
              "name": "oval:org.mitre.oval:def:7053",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7053"
            },
            {
              "name": "http://support.apple.com/kb/HT4070",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4070"
            },
            {
              "name": "SUSE-SR:2011:002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "ADV-2011-0552",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0552"
            },
            {
              "name": "FEDORA-2010-8379",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html"
            },
            {
              "name": "APPLE-SA-2010-06-21-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
            },
            {
              "name": "38671",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/38671"
            },
            {
              "name": "FEDORA-2010-8423",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2010-0046",
    "datePublished": "2010-03-12T20:00:00",
    "dateReserved": "2009-12-15T00:00:00",
    "dateUpdated": "2024-08-07T00:37:52.960Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.0.4\", \"matchCriteriaId\": \"B1816CD6-0159-4684-A54D-94866D3FE570\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02EAC196-AE43-4787-9AF9-E79E2E1BBA46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2FD40E4-D4C9-492E-8432-ABC9BD2C7E67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36EA71E0-63F7-46FF-AF11-792741F27628\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E36485-565D-4FAA-A6AD-57DF42D47462\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.\"}, {\"lang\": \"es\", \"value\": \"La implementaci\\u00f3n de CSS (hojas de estilo en cascada) en WebKit de Apple Safari en versiones anteriores a la v4.0.5 permite a usuarios remotos ejecutar comandos de su elecci\\u00f3n o provocar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de memoria y ca\\u00edda de la aplicaci\\u00f3n) a trav\\u00e9s argumentos de formato modificados.\"}]",
      "evaluatorComment": "Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\r\n\r\n\u0027WebKit\r\nCVE-ID:  CVE-2010-0046\r\nAvailable for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,\r\nMac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later,\r\nWindows 7, Vista, XP\r\nImpact:  Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription:  A memory corruption issue exists in WebKit\u0027s handling\r\nof CSS format() arguments. Visiting a maliciously crafted website may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution. This issue is addressed through improved handling of CSS\r\nformat() arguments. Credit to Robert Swiecki of Google Inc. for\r\nreporting this issue.\u0027",
      "evaluatorSolution": "Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\r\n\r\n\u0027Safari 4.0.5 is available via the Apple Software Update application,\r\nor Apple\u0027s Safari download site at:\r\nhttp://www.apple.com/safari/download/\u0027",
      "id": "CVE-2010-0046",
      "lastModified": "2024-11-21T01:11:24.323",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-03-15T13:28:25.527",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://secunia.com/advisories/41856\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://secunia.com/advisories/43068\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://support.apple.com/kb/HT4070\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT4225\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:039\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.securityfocus.com/bid/38671\", \"source\": \"product-security@apple.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1023708\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1006-1\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2722\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0212\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0552\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7053\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/41856\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/43068\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT4070\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT4225\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:039\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/38671\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1023708\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1006-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2722\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0212\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0552\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7053\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-0046\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2010-03-15T13:28:25.527\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n de CSS (hojas de estilo en cascada) en WebKit de Apple Safari en versiones anteriores a la v4.0.5 permite a usuarios remotos ejecutar comandos de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s argumentos de formato modificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.0.4\",\"matchCriteriaId\":\"B1816CD6-0159-4684-A54D-94866D3FE570\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02EAC196-AE43-4787-9AF9-E79E2E1BBA46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2FD40E4-D4C9-492E-8432-ABC9BD2C7E67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36EA71E0-63F7-46FF-AF11-792741F27628\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E36485-565D-4FAA-A6AD-57DF42D47462\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://secunia.com/advisories/41856\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://secunia.com/advisories/43068\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://support.apple.com/kb/HT4070\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4225\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:039\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.securityfocus.com/bid/38671\",\"source\":\"product-security@apple.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1023708\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1006-1\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/2722\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0212\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0552\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7053\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/41856\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43068\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4070\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4225\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/38671\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1023708\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1006-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/2722\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0552\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7053\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\\r\\n\\r\\n\u0027WebKit\\r\\nCVE-ID:  CVE-2010-0046\\r\\nAvailable for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,\\r\\nMac OS X v10.5.8, Mac OS X Server v10.5.8,\\r\\nMac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later,\\r\\nWindows 7, Vista, XP\\r\\nImpact:  Visiting a maliciously crafted website may lead to an\\r\\nunexpected application termination or arbitrary code execution\\r\\nDescription:  A memory corruption issue exists in WebKit\u0027s handling\\r\\nof CSS format() arguments. Visiting a maliciously crafted website may\\r\\nlead to an unexpected application termination or arbitrary code\\r\\nexecution. This issue is addressed through improved handling of CSS\\r\\nformat() arguments. Credit to Robert Swiecki of Google Inc. for\\r\\nreporting this issue.\u0027\",\"evaluatorSolution\":\"Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\\r\\n\\r\\n\u0027Safari 4.0.5 is available via the Apple Software Update application,\\r\\nor Apple\u0027s Safari download site at:\\r\\nhttp://www.apple.com/safari/download/\u0027\"}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.