ID

VAR-201003-0488


CVE

CVE-2010-1179


TITLE

Apple iPhone malformed VML data remote code execution vulnerability

Trust: 1.2

sources: CNVD: CNVD-2010-0462 // CNVD: CNVD-2010-0453

DESCRIPTION

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024. The iPod touch is an MP4 player released by Apple, and the iPhone is Apple's smartphone. Safari on the Apple iPhone/iPod touch has a problem handling web pages that contain malformed "VML" data, and remote attackers can exploit the vulnerability to crash the application. Carefully constructed web data may execute arbitrary instructions with application privileges. Apple Safari running on iPhone is prone to an unspecified remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Apple Safari included in iPhone 3.1.3 and prior is vulnerable.

Trust: 3.06

sources: NVD: CVE-2010-1179 // JVNDB: JVNDB-2010-003950 // CNVD: CNVD-2010-0462 // CNVD: CNVD-2010-0453 // BID: 38990 // VULHUB: VHN-43784

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2010-0462 // CNVD: CNVD-2010-0453

AFFECTED PRODUCTS

vendor: apple | model: safari | scope: - | version: -

Trust: 1.4

vendor: no | model: - | scope: - | version: -

Trust: 1.2

vendor: apple | model: safari | scope: eq | version: *

Trust: 1.0

vendor: apple | model: ios | scope: eq | version: ipod touch for 3.1.3

Trust: 0.8

vendor: apple | model: iphone | scope: eq | version: 3.1.3

Trust: 0.3

vendor: apple | model: iphone | scope: eq | version: 3.1.2

Trust: 0.3

vendor: apple | model: iphone | scope: eq | version: 3.0.1

Trust: 0.3

vendor: apple | model: iphone | scope: eq | version: 3.1

Trust: 0.3

vendor: apple | model: iphone | scope: eq | version: 3.0

Trust: 0.3

sources: CNVD: CNVD-2010-0462 // CNVD: CNVD-2010-0453 // BID: 38990 // JVNDB: JVNDB-2010-003950 // CNNVD: CNNVD-201003-441 // NVD: CVE-2010-1179

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1179
value: HIGH

Trust: 1.0

NVD: CVE-2010-1179
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201003-441
value: CRITICAL

Trust: 0.6

VULHUB: VHN-43784
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-1179
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-43784
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-43784 // JVNDB: JVNDB-2010-003950 // CNNVD: CNNVD-201003-441 // NVD: CVE-2010-1179

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-43784 // JVNDB: JVNDB-2010-003950 // NVD: CVE-2010-1179

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201003-441

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201003-441

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-003950

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-43784

PATCH

title: Top Page | url: http://www.apple.com/

Trust: 0.8

sources: JVNDB: JVNDB-2010-003950

EXTERNAL IDS

db: BID | id: 38990

Trust: 3.2

db: NVD | id: CVE-2010-1179

Trust: 2.8

db: EXPLOIT-DB | id: 11890

Trust: 1.7

db: JVNDB | id: JVNDB-2010-003950

Trust: 0.8

db: CNNVD | id: CNNVD-201003-441

Trust: 0.7

db: CNVD | id: CNVD-2010-0462

Trust: 0.6

db: CNVD | id: CNVD-2010-0453

Trust: 0.6

db: SEEBUG | id: SSVID-68035

Trust: 0.1

db: VULHUB | id: VHN-43784

Trust: 0.1

sources: CNVD: CNVD-2010-0462 // CNVD: CNVD-2010-0453 // VULHUB: VHN-43784 // BID: 38990 // JVNDB: JVNDB-2010-003950 // CNNVD: CNNVD-201003-441 // NVD: CVE-2010-1179

REFERENCES

url:http://nishantdaspatnaik.yolasite.com/ipodpoc4.php

Trust: 2.9

url:http://www.securityfocus.com/bid/38990

Trust: 1.7

url:http://www.exploit-db.com/exploits/11890

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1179

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1179

Trust: 0.8

url:http://www.apple.com/safari/

Trust: 0.3

sources: CNVD: CNVD-2010-0462 // CNVD: CNVD-2010-0453 // VULHUB: VHN-43784 // BID: 38990 // JVNDB: JVNDB-2010-003950 // CNNVD: CNNVD-201003-441 // NVD: CVE-2010-1179

CREDITS

Nishant Das Patnaik

Trust: 0.9

sources: BID: 38990 // CNNVD: CNNVD-201003-441

SOURCES

db: CNVD | id: CNVD-2010-0462
db: CNVD | id: CNVD-2010-0453
db: VULHUB | id: VHN-43784
db: BID | id: 38990
db: JVNDB | id: JVNDB-2010-003950
db: CNNVD | id: CNNVD-201003-441
db: NVD | id: CVE-2010-1179

LAST UPDATE DATE

2025-04-11T23:06:03.022000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2010-0462 | date: 2010-03-26T00:00:00
db: CNVD | id: CNVD-2010-0453 | date: 2010-03-26T00:00:00
db: VULHUB | id: VHN-43784 | date: 2010-03-30T00:00:00
db: BID | id: 38990 | date: 2015-04-13T21:02:00
db: JVNDB | id: JVNDB-2010-003950 | date: 2012-06-26T00:00:00
db: CNNVD | id: CNNVD-201003-441 | date: 2010-03-30T00:00:00
db: NVD | id: CVE-2010-1179 | date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2010-0462 | date: 2010-03-26T00:00:00
db: CNVD | id: CNVD-2010-0453 | date: 2010-03-26T00:00:00
db: VULHUB | id: VHN-43784 | date: 2010-03-29T00:00:00
db: BID | id: 38990 | date: 2010-03-26T00:00:00
db: JVNDB | id: JVNDB-2010-003950 | date: 2012-06-26T00:00:00
db: CNNVD | id: CNNVD-201003-441 | date: 2010-03-29T00:00:00
db: NVD | id: CVE-2010-1179 | date: 2010-03-29T19:30:00.547