CVE-2010-3116 — HIGH (10.0)

Q: How severe is CVE-2010-3116?

CVE-2010-3116 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-3116?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Apple Safari, Apple Iphone Os, Webkitgtk Webkitgtk, Canonical Ubuntu Linux.

Vulnerability Description

Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Google	Chrome	< 5.0.375.127
Apple	Safari	< 4.1.3
Apple	Iphone Os	< 4.2
Webkitgtk	Webkitgtk	< 1.2.6
Canonical	Ubuntu Linux	9.10

Related Weaknesses (CWE)

CWE-416

References

http://code.google.com/p/chromium/issues/detail?id=50515Permissions Required
http://code.google.com/p/chromium/issues/detail?id=51835Permissions Required
http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.htmlVendor Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/41856Third Party Advisory
http://secunia.com/advisories/42314Third Party Advisory
http://secunia.com/advisories/43068Third Party Advisory
http://secunia.com/advisories/43086Third Party Advisory
http://support.apple.com/kb/HT4455Third Party Advisory
http://support.apple.com/kb/HT4456Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0177.htmlThird Party Advisory
http://www.securityfocus.com/bid/44200Third Party AdvisoryVDB Entry

FAQ

What is CVE-2010-3116?

CVE-2010-3116 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to ...

How severe is CVE-2010-3116?

CVE-2010-3116 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-3116?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Apple Safari, Apple Iphone Os, Webkitgtk Webkitgtk, Canonical Ubuntu Linux.