Vulnerability Note VU#943165
Apple Safari window object invalid pointer vulnerability
Apple Safari contains a vulnerability in the handling of window objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Exploit code for this vulnerability is publicly available. We have confirmed Apple Safari 4.0.5 on the Windows platform to be vulnerable. Other versions may also be affected.
By convincing a victim to view an HTML document (webpage, HTML email, or email attachment) with Apple Safari, an attacker could run arbitrary code with the privileges of the user running the application.
Apply an update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Inc.||Affected||-||27 Jul 2010|
CVSS Metrics (Learn More)
This vulnerability was publicly disclosed by Krystian Kloskowski.
This document was written by Will Dormann.
- CVE IDs: CVE-2010-1939 CVE-2010-1750
- Date Public: 07 May 2010
- Date First Published: 10 May 2010
- Date Last Updated: 27 Jul 2010
- Severity Metric: 20.41
- Document Revision: 16
If you have feedback, comments, or additional information about this vulnerability, please send us email.