CVE-2010-1781 — MEDIUM (6.8)

Q: How severe is CVE-2010-1781?

CVE-2010-1781 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-1781?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Ipod Touch, Canonical Ubuntu Linux.

Vulnerability Description

Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Apple	Iphone Os	< 4.1
Apple	Ipod Touch	-
Canonical	Ubuntu Linux	9.10

Related Weaknesses (CWE)

CWE-399

References

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlMailing ListVendor Advisory
http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.htmlMailing ListVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/41856Third Party Advisory
http://secunia.com/advisories/42314Third Party Advisory
http://secunia.com/advisories/43068Third Party Advisory
http://support.apple.com/kb/HT4334Vendor Advisory
http://support.apple.com/kb/HT4456Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039Third Party Advisory
http://www.securityfocus.com/bid/43077Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-1006-1Third Party Advisory
http://www.vupen.com/english/advisories/2010/2722Third Party Advisory
http://www.vupen.com/english/advisories/2011/0212Third Party Advisory
http://www.vupen.com/english/advisories/2011/0552Third Party Advisory

FAQ

What is CVE-2010-1781?

CVE-2010-1781 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors ...

How severe is CVE-2010-1781?

CVE-2010-1781 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-1781?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Ipod Touch, Canonical Ubuntu Linux.