CVE-2010-1400

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2010-1400 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=870

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2010-1400

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Google Chrome 3.0.195.38
* Google Chrome 4.0.249.78
* Safari 4.0.4 on Windows XP
* Safari 4.0.4 on OS X 10.5.8
* Safari prior to versions 4.1 and 5.0

The vulnerability occurs when the a certain property of an HTML element with a caption is reset via JavaScript code. When this occurs, a C++ object is incorrectly accessed after it has been freed. This results in an attacker controlled value being used as a C++ VTABLE, which leads to the execution of arbitrary code.

Patch Availability:
Apple has released a fix which addresses this issue. Information about downloadable vendor updates can be found by clicking on the URLs shown.
http://www.apple.com/safari/download/

Workaround:
The vulnerability is present in the JavaScript engine, so disabling JavaScript is an effective workaround. This can be performed via the command line with Google Chrome, and the Preferences menu in Safari.

CVE Information:
CVE-2010-1400

Disclosure Timeline:
01/28/2010 Initial Vendor Notification
01/28/2010 Initial Vendor Reply
06/07/2010 Coordinated Public Disclosure

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus