Vulnerability Report

CVE-2010-1807

Title: Apple Safari RCE

DoS

Proof Of Concept

PoC Available for CVE-2010-1807

CWE Category CWE-20

Published Date Sep 10, 2010

Modified Date Apr 29, 2026

Exploit Status Available

Score 9.3 CVSS v2.0

Exploit Probability (EPSS)

78.65%

Vulnerability Summary

CVE-2010-1807: WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.

Impacted Vendors

apple 1

webkitgtk 1

Reference Links

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010//Sep/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://secunia.com/advisories/43086 http://support.apple.com/kb/HT4333 http://support.apple.com/kb/HT4456 http://trac.webkit.org/changeset/64706 http://www.computerworld.com/s/article/9195058/Researcher_to_release_Web_based_Android_attack http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.redhat.com/support/errata/RHSA-2011-0177.html http://www.securityfocus.com/bid/43047 http://www.ubuntu.com/usn/USN-1006-1 http://www.vupen.com/english/advisories/2010/2722 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2011/0212 http://www.vupen.com/english/advisories/2011/0216 http://www.vupen.com/english/advisories/2011/0552 https://bugzilla.redhat.com/show_bug.cgi?id=627703 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11964 http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010//Sep/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://secunia.com/advisories/43086 http://support.apple.com/kb/HT4333 http://support.apple.com/kb/HT4456 http://trac.webkit.org/changeset/64706 http://www.computerworld.com/s/article/9195058/Researcher_to_release_Web_based_Android_attack http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.redhat.com/support/errata/RHSA-2011-0177.html http://www.securityfocus.com/bid/43047 http://www.ubuntu.com/usn/USN-1006-1 http://www.vupen.com/english/advisories/2010/2722 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2011/0212 http://www.vupen.com/english/advisories/2011/0216 http://www.vupen.com/english/advisories/2011/0552 https://bugzilla.redhat.com/show_bug.cgi?id=627703 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11964

CVSS v2.0

Source Entity [email protected]

Severity HIGH

9.3

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:M/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2010-1807 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/15423

View Code

Exploit-DB https://www.exploit-db.com/exploits/15548

View Code

April 29, 2026 MODIFIED

Vulnerability data updated via NVD.

April 11, 2025 MODIFIED

Vulnerability data or affected products updated.

September 10, 2010 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.