CVE-2010-0050
critical-risk
Published 2010-03-15
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
Do I need to act?
!
46.4% chance of exploitation in next 30 days
EPSS score — higher than 54% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (10)
Affected Vendors
References (38)
Broken Link
http://secunia.com/advisories/41856
Broken Link
http://secunia.com/advisories/43068
Vendor Advisory
http://support.apple.com/kb/HT4070
Vendor Advisory
http://support.apple.com/kb/HT4225
Broken Link
http://www.securityfocus.com/bid/38671
Broken Link
http://www.securitytracker.com/id?1023708
Third Party Advisory
http://www.ubuntu.com/usn/USN-1006-1
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/56836
and 18 more references
70
/ 100
critical-risk
Severity
30/34 · Critical
Exploitability
24/34 · High
Exposure
16/34 · Moderate