Details of VAR-201003-0489

ID

VAR-201003-0489

CVE

CVE-2010-1180

TITLE

Apple iPhone/iPod touch Safari malformation 'Throw' exception remote code execution vulnerability

Trust: 1.2

sources: CNVD: CNVD-2010-0451 // CNVD: CNVD-2010-0460

DESCRIPTION

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514. iPod touch is an MP4 player released by Apple, and the iPhone is its released smartphone. Careful construction of WEB data may execute arbitrary instructions with application privileges. Successful exploits can allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions

Trust: 3.06

sources: NVD: CVE-2010-1180 // JVNDB: JVNDB-2010-003951 // CNVD: CNVD-2010-0451 // CNVD: CNVD-2010-0460 // BID: 38992 // VULHUB: VHN-43785

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2010-0451 // CNVD: CNVD-2010-0460

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	-	version:	-	Trust: 1.4
vendor:	no	model:	-	scope:	-	version:	-	Trust: 1.2
vendor:	apple	model:	safari	scope:	eq	version:	*	Trust: 1.0
vendor:	apple	model:	ios	scope:	eq	version:	ipod touch for 3.1.3	Trust: 0.8
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.0	Trust: 0.3

sources: CNVD: CNVD-2010-0451 // CNVD: CNVD-2010-0460 // BID: 38992 // JVNDB: JVNDB-2010-003951 // CNNVD: CNNVD-201003-442 // NVD: CVE-2010-1180

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-1180
value:	HIGH
Trust: 1.0
NVD:	CVE-2010-1180
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201003-442
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-43785
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2010-1180
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-43785
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-43785 // JVNDB: JVNDB-2010-003951 // CNNVD: CNNVD-201003-442 // NVD: CVE-2010-1180

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.9

sources: VULHUB: VHN-43785 // JVNDB: JVNDB-2010-003951 // NVD: CVE-2010-1180

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201003-442

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201003-442

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-003951

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-43785

PATCH

title:

Top Page

url:

http://www.apple.com/

Trust: 0.8

sources: JVNDB: JVNDB-2010-003951

EXTERNAL IDS

db:	BID	id:	38992	Trust: 3.2
db:	NVD	id:	CVE-2010-1180	Trust: 2.8
db:	JVNDB	id:	JVNDB-2010-003951	Trust: 0.8
db:	CNNVD	id:	CNNVD-201003-442	Trust: 0.7
db:	CNVD	id:	CNVD-2010-0451	Trust: 0.6
db:	CNVD	id:	CNVD-2010-0460	Trust: 0.6
db:	EXPLOIT-DB	id:	33810	Trust: 0.1
db:	SEEBUG	id:	SSVID-86994	Trust: 0.1
db:	VULHUB	id:	VHN-43785	Trust: 0.1

sources: CNVD: CNVD-2010-0451 // CNVD: CNVD-2010-0460 // VULHUB: VHN-43785 // BID: 38992 // JVNDB: JVNDB-2010-003951 // CNNVD: CNNVD-201003-442 // NVD: CVE-2010-1180

REFERENCES

url:	http://nishantdaspatnaik.yolasite.com/ipodpoc5.php	Trust: 3.2
url:	http://www.securityfocus.com/bid/38992	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/57992	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1180	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1180	Trust: 0.8
url:	http://www.apple.com/safari/	Trust: 0.3

sources: CNVD: CNVD-2010-0451 // CNVD: CNVD-2010-0460 // VULHUB: VHN-43785 // BID: 38992 // JVNDB: JVNDB-2010-003951 // CNNVD: CNNVD-201003-442 // NVD: CVE-2010-1180

CREDITS

Nishant Das Patnaik

Trust: 0.9

sources: BID: 38992 // CNNVD: CNNVD-201003-442

SOURCES

db:	CNVD	id:	CNVD-2010-0451
db:	CNVD	id:	CNVD-2010-0460
db:	VULHUB	id:	VHN-43785
db:	BID	id:	38992
db:	JVNDB	id:	JVNDB-2010-003951
db:	CNNVD	id:	CNNVD-201003-442
db:	NVD	id:	CVE-2010-1180

LAST UPDATE DATE

2025-04-11T22:50:39.170000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-0451	date:	2010-03-26T00:00:00
db:	CNVD	id:	CNVD-2010-0460	date:	2010-03-26T00:00:00
db:	VULHUB	id:	VHN-43785	date:	2017-08-17T00:00:00
db:	BID	id:	38992	date:	2015-04-13T21:02:00
db:	JVNDB	id:	JVNDB-2010-003951	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201003-442	date:	2010-03-30T00:00:00
db:	NVD	id:	CVE-2010-1180	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-0451	date:	2010-03-26T00:00:00
db:	CNVD	id:	CNVD-2010-0460	date:	2010-03-26T00:00:00
db:	VULHUB	id:	VHN-43785	date:	2010-03-29T00:00:00
db:	BID	id:	38992	date:	2010-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2010-003951	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201003-442	date:	2010-03-29T00:00:00
db:	NVD	id:	CVE-2010-1180	date:	2010-03-29T19:30:00.577