exploit the possibilities
Showing 1 - 1 of 1 RSS Feed

Files

Zero Day Initiative Advisory 10-100
Posted Jun 9, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-100 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application duplicates event listeners in .svg documents. Upon creating an AnimateTransform object, the library will create a timer to handle the transformation and duplicate the object's event listener into Webkit's "shadow tree" of the image. Upon destruction of the shadow tree and the original tree, the application will destroy the Element containing the event listener twice. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2010-1402
MD5 | 0f5919447348bf25d9c75b68351d1bac
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
iPhone iOS 13 Lockscreen Bypass Flaw Exposes Contacts
Posted Sep 16, 2019

tags | headline, phone, data loss, flaw, apple
Instagram Fixed Flaw That Links Account Info To PII
Posted Sep 13, 2019

tags | headline, hacker, privacy, data loss, flaw, facebook
France To Block Facebook's Libra Cryptocurrency In Europe
Posted Sep 13, 2019

tags | headline, government, bank, fraud, france, facebook, social, cryptography
InnfiRAT Malware Lurks To Steal Cryptocurrency Wallet Data
Posted Sep 13, 2019

tags | headline, malware, cybercrime, fraud, cryptography
Infosec Duo Cuffed After Physically Breaking Into Courthouse During IT Security Assessment
Posted Sep 13, 2019

tags | headline, hacker, government
New Simjacker Attack Exploited In The Wild To Track Users For At Least Two Years
Posted Sep 12, 2019

tags | headline, hacker, privacy, phone
Major Fraud Scheme Exposed By Insecure Database
Posted Sep 12, 2019

tags | headline, database, cybercrime, fraud
UNICEF Leaks Personal Data Of 8,000 Users Via Email Blunder
Posted Sep 12, 2019

tags | headline, privacy, email, data loss
Fin7 Operator Pleads Guilty To Two Counts
Posted Sep 12, 2019

tags | headline, malware, cybercrime, fraud
Weakness In Intel Chips Lets Researchers Steal Encrypted SSH Keystrokes
Posted Sep 11, 2019

tags | headline, privacy, flaw, password, cryptography, intel
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close