Vulnerability Details : CVE-2010-3116
Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-3116
Probability of exploitation activity in the next 30 days: 5.20%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-3116
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2010-3116
-
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3116
-
http://www.securityfocus.com/bid/44200
WebKit MIME Type Handling CVE-2010-3116 Memory Corruption VulnerabilityThird Party Advisory;VDB Entry
-
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
http://www.vupen.com/english/advisories/2010/2722
Webmail | OVH- OVHThird Party Advisory
-
http://www.vupen.com/english/advisories/2011/0212
Webmail | OVH- OVHThird Party Advisory
-
http://support.apple.com/kb/HT4456
About the security content of iOS 4.2 - Apple SupportThird Party Advisory
-
http://support.apple.com/kb/HT4455
About the security content of Safari 5.0.3 and Safari 4.1.3 - Apple SupportThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2011:002Mailing List;Third Party Advisory
-
http://code.google.com/p/chromium/issues/detail?id=50515
Inloggen - Google AccountsPermissions Required
-
http://www.ubuntu.com/usn/USN-1006-1
USN-1006-1: WebKit vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.vupen.com/english/advisories/2010/3046
Webmail | OVH- OVHThird Party Advisory
-
http://www.vupen.com/english/advisories/2011/0216
Webmail | OVH- OVHThird Party Advisory
-
http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
http://www.vupen.com/english/advisories/2011/0552
Webmail | OVH- OVHThird Party Advisory
-
http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
mandriva.comThird Party Advisory
-
http://code.google.com/p/chromium/issues/detail?id=51835
Inloggen - Google AccountsPermissions Required
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11909
Repository / Oval RepositoryThird Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2011-0177.html
SupportThird Party Advisory
Products affected by CVE-2010-3116
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*