Details of VAR-201003-0486

ID

VAR-201003-0486

CVE

CVE-2010-1177

TITLE

Apple iPhone/iPod touch Safari malformation WEB page remote code execution vulnerability

Trust: 1.2

sources: CNVD: CNVD-2010-0464 // CNVD: CNVD-2010-0455

DESCRIPTION

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings. iPod touch is an MP4 player released by Apple, and the iPhone is its released smartphone. Careful construction of WEB data may execute arbitrary instructions with application privileges. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Apple iPhone is a smart phone of Apple (Apple)

Trust: 3.06

sources: NVD: CVE-2010-1177 // JVNDB: JVNDB-2010-003948 // CNVD: CNVD-2010-0464 // CNVD: CNVD-2010-0455 // BID: 38994 // VULHUB: VHN-43782

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2010-0464 // CNVD: CNVD-2010-0455

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	-	version:	-	Trust: 1.4
vendor:	no	model:	-	scope:	-	version:	-	Trust: 1.2
vendor:	apple	model:	safari	scope:	eq	version:	*	Trust: 1.0
vendor:	apple	model:	ios	scope:	eq	version:	ipod touch for 3.1.3	Trust: 0.8
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.0	Trust: 0.3

sources: CNVD: CNVD-2010-0464 // CNVD: CNVD-2010-0455 // BID: 38994 // JVNDB: JVNDB-2010-003948 // CNNVD: CNNVD-201003-439 // NVD: CVE-2010-1177

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-1177
value:	HIGH
Trust: 1.0
NVD:	CVE-2010-1177
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201003-439
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-43782
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2010-1177
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-43782
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-43782 // JVNDB: JVNDB-2010-003948 // CNNVD: CNNVD-201003-439 // NVD: CVE-2010-1177

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.9

sources: VULHUB: VHN-43782 // JVNDB: JVNDB-2010-003948 // NVD: CVE-2010-1177

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201003-439

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201003-439

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-003948

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-43782

PATCH

title:

Top Page

url:

http://www.apple.com/

Trust: 0.8

sources: JVNDB: JVNDB-2010-003948

EXTERNAL IDS

db:	BID	id:	38994	Trust: 3.2
db:	NVD	id:	CVE-2010-1177	Trust: 2.8
db:	JVNDB	id:	JVNDB-2010-003948	Trust: 0.8
db:	CNVD	id:	CNVD-2010-0464	Trust: 0.6
db:	CNVD	id:	CNVD-2010-0455	Trust: 0.6
db:	CNNVD	id:	CNNVD-201003-439	Trust: 0.6
db:	SEEBUG	id:	SSVID-86995	Trust: 0.1
db:	EXPLOIT-DB	id:	33811	Trust: 0.1
db:	VULHUB	id:	VHN-43782	Trust: 0.1

sources: CNVD: CNVD-2010-0464 // CNVD: CNVD-2010-0455 // VULHUB: VHN-43782 // BID: 38994 // JVNDB: JVNDB-2010-003948 // CNNVD: CNNVD-201003-439 // NVD: CVE-2010-1177

REFERENCES

url:	http://nishantdaspatnaik.yolasite.com/ipodpoc2.php	Trust: 3.2
url:	http://www.securityfocus.com/bid/38994	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1177	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1177	Trust: 0.8
url:	http://www.apple.com/safari/	Trust: 0.3

sources: CNVD: CNVD-2010-0464 // CNVD: CNVD-2010-0455 // VULHUB: VHN-43782 // BID: 38994 // JVNDB: JVNDB-2010-003948 // CNNVD: CNNVD-201003-439 // NVD: CVE-2010-1177

CREDITS

Nishant Das Patnaik

Trust: 0.9

sources: BID: 38994 // CNNVD: CNNVD-201003-439

SOURCES

db:	CNVD	id:	CNVD-2010-0464
db:	CNVD	id:	CNVD-2010-0455
db:	VULHUB	id:	VHN-43782
db:	BID	id:	38994
db:	JVNDB	id:	JVNDB-2010-003948
db:	CNNVD	id:	CNNVD-201003-439
db:	NVD	id:	CVE-2010-1177

LAST UPDATE DATE

2025-04-11T23:02:17.345000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-0464	date:	2010-03-26T00:00:00
db:	CNVD	id:	CNVD-2010-0455	date:	2010-03-26T00:00:00
db:	VULHUB	id:	VHN-43782	date:	2010-03-30T00:00:00
db:	BID	id:	38994	date:	2015-04-13T21:02:00
db:	JVNDB	id:	JVNDB-2010-003948	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201003-439	date:	2010-03-30T00:00:00
db:	NVD	id:	CVE-2010-1177	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-0464	date:	2010-03-26T00:00:00
db:	CNVD	id:	CNVD-2010-0455	date:	2010-03-26T00:00:00
db:	VULHUB	id:	VHN-43782	date:	2010-03-29T00:00:00
db:	BID	id:	38994	date:	2010-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2010-003948	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201003-439	date:	2010-03-29T00:00:00
db:	NVD	id:	CVE-2010-1177	date:	2010-03-29T19:30:00.467