CVE-2010-1770

Description

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."

References

Link	Tags
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039	third party advisory vendor advisory
http://support.apple.com/kb/HT4220	vendor advisory
http://www.vupen.com/english/advisories/2010/2722	third party advisory vdb entry permissions required
http://secunia.com/advisories/43068	third party advisory
http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html	vendor advisory mailing list
http://zerodayinitiative.com/advisories/ZDI-10-093/	third party advisory vdb entry
http://support.apple.com/kb/HT4334	vendor advisory
http://www.ubuntu.com/usn/USN-1006-1	third party advisory vendor advisory
http://secunia.com/advisories/41856	third party advisory
http://www.vupen.com/english/advisories/2011/0212	third party advisory vdb entry permissions required
http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html	patch vendor advisory mailing list
http://secunia.com/advisories/40072	third party advisory
http://secunia.com/advisories/40196	third party advisory
http://secunia.com/advisories/40105	third party advisory
http://www.vupen.com/english/advisories/2010/1373	third party advisory vdb entry permissions required
http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html	vendor advisory mailing list
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	vendor advisory mailing list third party advisory
http://secunia.com/advisories/42314	third party advisory
http://www.vupen.com/english/advisories/2010/1512	third party advisory vdb entry permissions required
http://www.securityfocus.com/bid/40620	patch third party advisory vdb entry
http://code.google.com/p/chromium/issues/detail?id=43487	vendor advisory
http://www.vupen.com/english/advisories/2011/0552	third party advisory vdb entry permissions required
http://support.apple.com/kb/HT4456	vendor advisory
http://securitytracker.com/id?1024067	third party advisory vdb entry
http://support.apple.com/kb/HT4196	vendor advisory
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html	vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7099	signature third party advisory vdb entry
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html	vendor advisory mailing list

Frequently Asked Questions

What is the severity of CVE-2010-1770?: CVE-2010-1770 has been scored as a critical severity vulnerability.
How to fix CVE-2010-1770?: To fix CVE-2010-1770, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2010-1770 being actively exploited in the wild?: It is possible that CVE-2010-1770 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~8% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-94 – Improper Control of Generation of Code ('Code Injection')

References

Frequently Asked Questions