Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Required

Privileges Required

None

Attack Vector

Network

0

CVE-2010-1773

Disclosure Date: September 24, 2010 •

CVE-2010-1773 CVSS v3 Base Score: 8.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

8.8 High

Impact Score:

5.9

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

Products

References

Canonical

CVE-2010-1773 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773)

BID-41575 (http://www.securityfocus.com/bid/41575)

Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

ADV-2010-2722 (http://www.vupen.com/english/advisories/2010/2722)

FEDORA-2010-11020 (http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html)

SECUNIA-43068 (http://secunia.com/advisories/43068)

ADV-2010-1801 (http://www.vupen.com/english/advisories/2010/1801)

https://bugzilla.redhat.com/show_bug.cgi?id=596500

USN-1006-1 (http://www.ubuntu.com/usn/USN-1006-1)

SECUNIA-41856 (http://secunia.com/advisories/41856)

ADV-2011-0212 (http://www.vupen.com/english/advisories/2011/0212)

SECUNIA-40072 (http://secunia.com/advisories/40072)

https://bugs.webkit.org/show_bug.cgi?id=39508

SECUNIA-40557 (http://secunia.com/advisories/40557)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11830

http://code.google.com/p/chromium/issues/detail?id=44955

http://trac.webkit.org/changeset/59950

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

FEDORA-2010-11011 (http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html)

ADV-2011-0552 (http://www.vupen.com/english/advisories/2011/0552)

http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html

Rapid7

Technical Analysis