Signature Detail
Short Name |
HTTP:STC:CHROME:WEBKIT-OO |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apple Safari and Google Chrome Webkit Object Outline Memory Corruption |
Release Date |
2010/12/30 |
Update Number |
1842 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Apple Safari and Google Chrome Webkit Object Outline Memory Corruption
This signature detects attempts to exploit a known memory corruption vulnerability in Webkit, the HTML rendering engine used in Apple's Safari and Google's Chrome Web browser. It is due to memory corruption during the rendering of HTML object outlines. This can be exploited by enticing a user to open a specially crafted Web page. A successful attack can result in memory corruption which can crash the browser or could lead to arbitrary code execution.
Extended Description
Webkit is prone to a memory-corruption vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. Successfully exploiting these issues may allow attackers to crash the affected application or execute arbitrary code. This issue affects the following: iOS 2.0 through 4.0.2 for iPhone 3G and later iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later Versions prior to Apple Safari 4.1.2 and 5.0.2 Versions prior to Google Chrome 5.0.375.125 NOTE: This issue was previously discussed in BID 43070 (Apple iPhone/iPod touch Prior to iOS 4.1 Multiple Vulnerabilities) but has been given its own record to better document it.
Affected Products
- Apple iOS 2.0
- Apple iOS 3.2
- Apple iOS 3.2.1
- Apple iOS 3.2.2
- Apple iOS 4
- Apple iOS 4.0.1
- Apple iOS 4.0.2
- Apple iOS 4.2 beta
- Apple iPad 3.2
- Apple iPad 3.2.1
- Apple iPad 3.2.2
- Apple iPad
- Apple iPad
- Apple iPhone 2.0
- Apple iPhone 2.0.1
- Apple iPhone 2.0.2
- Apple iPhone 2.1
- Apple iPhone 2.1 - Iphone
- Apple iPhone 2.1 - Ipodtouch
- Apple iPhone 2.2
- Apple iPhone 2.2.1
- Apple iPhone 2.2.1 - Iphone
- Apple iPhone 2.2.1 - Ipodtouch
- Apple iPhone 2.2 - Iphone
- Apple iPhone 2.2 - Ipodtouch
- Apple iPhone 3.0
- Apple iPhone 3.0.1
- Apple iPhone 3.0.1 - Iphone
- Apple iPhone 3.0.1 - Ipodtouch
- Apple iPhone 3.0 - Iphone
- Apple iPhone 3.0 - Ipodtouch
- Apple iPhone 3.1
- Apple iPhone 3.1.2
- Apple iPhone 3.1.2 - Iphone
- Apple iPhone 3.1.2 - Ipodtouch
- Apple iPhone 3.1.3
- Apple iPhone 3.1.3 - Iphone
- Apple iPhone 3.1.3 - Ipodtouch
- Apple iPhone 3.1 - Iphone
- Apple iPhone 3.1 - Ipodtouch
- Apple iPhone 3.2
- Apple iPhone 3.2.1
- Apple iPhone 3.2.1 - Ipad
- Apple iPhone 3.2 - Iphone
- Apple iPhone 3.2 - Ipodtouch
- Apple iPhone 4.0
- Apple iPhone 4.0.1
- Apple iPhone 4.0.1 - Iphone
- Apple iPhone 4.0 - Iphone
- Apple iPhone 4.0 - Ipodtouch
- Apple iPod Touch 2.0
- Apple iPod Touch 2.0.1
- Apple iPod Touch 2.0.2
- Apple iPod Touch 2.1
- Apple iPod Touch 2.2
- Apple iPod Touch 2.2.1
- Apple iPod Touch 3.0
- Apple iPod Touch 3.1.1
- Apple iPod Touch 3.1.2
- Apple iPod Touch 3.1.3
- Apple Safari 4
- Apple Safari 4.0.1
- Apple Safari 4.0.2
- Apple Safari 4.0.2 For Windows
- Apple Safari 4.0.3
- Apple Safari 4.0.3 For Windows
- Apple Safari 4.0.4
- Apple Safari 4.0.4 For Windows
- Apple Safari 4.0.5
- Apple Safari 4.0.5 For Windows
- Apple Safari 4.1
- Apple Safari 4.1.1
- Apple Safari 4.1.2 for Windows
- Apple Safari 4 Beta
- Apple Safari 4 For Windows
- Apple Safari 5.0
- Apple Safari 5.0.1
- Apple Safari 5.0.1 for Windows
- Apple Safari 5.0.2 for Windows
- Apple Safari 5.0 For Windows
- Google Chrome 5.0.375.0
- Google Chrome 5.0.375.1
- Google Chrome 5.0.375.10
- Google Chrome 5.0.375.11
- Google Chrome 5.0.375.12
References
- BugTraq: 43078
- CVE: CVE-2010-1813