cpe:/a:apple:safari:4.0 cpe:/a:apple:safari:4.0.0b cpe:/a:apple:safari:4.0.1 cpe:/a:apple:safari:4.0.2 cpe:/a:apple:safari:4.0.3 cpe:/a:apple:safari:4.0.4 cpe:/a:apple:safari:4.0.5 cpe:/a:apple:webkit CVE-2010-1403 2010-06-11T14:00:32.677-04:00 2017-09-18T21:30:43.033-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-06-14T13:28:00.000-04:00 SECTRACK 1024067 BUGTRAQ 20100608 ZDI-10-099: Apple Webkit ProcessInstruction Target Error Message Insertion Remote Code Execution Vulnerability SECUNIA 40105 SECUNIA 40196 BID 40620 SECUNIA 41856 SECUNIA 42314 SECUNIA 43068 VUPEN ADV-2010-1373 VUPEN ADV-2010-1512 VUPEN ADV-2010-2722 VUPEN ADV-2011-0212 VUPEN ADV-2011-0552 APPLE APPLE-SA-2010-06-07-1 APPLE APPLE-SA-2010-06-16-1 APPLE APPLE-SA-2010-06-21-1 APPLE APPLE-SA-2010-11-22-1 MANDRIVA MDVSA-2011:039 SUSE SUSE-SR:2011:002 UBUNTU USN-1006-1 CONFIRM http://support.apple.com/kb/HT4196 CONFIRM http://support.apple.com/kb/HT4220 CONFIRM http://support.apple.com/kb/HT4225 CONFIRM http://support.apple.com/kb/HT4456 MISC http://www.zerodayinitiative.com/advisories/ZDI-10-099/ WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction.