CVE-2010-1387

Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.

Affected Software

Name	Vendor	Start Version	End Version
Itunes	Apple	*	9.0.3 (including)
Itunes	Apple	4.0.0 (including)	4.0.0 (including)
Itunes	Apple	4.0.1 (including)	4.0.1 (including)
Itunes	Apple	4.1.0 (including)	4.1.0 (including)
Itunes	Apple	4.2.0 (including)	4.2.0 (including)
Itunes	Apple	4.5 (including)	4.5 (including)
Itunes	Apple	4.5.0 (including)	4.5.0 (including)
Itunes	Apple	4.6 (including)	4.6 (including)
Itunes	Apple	4.6.0 (including)	4.6.0 (including)
Itunes	Apple	4.7 (including)	4.7 (including)
Itunes	Apple	4.7.0 (including)	4.7.0 (including)
Itunes	Apple	4.7.1 (including)	4.7.1 (including)
Itunes	Apple	4.7.2 (including)	4.7.2 (including)
Itunes	Apple	4.8.0 (including)	4.8.0 (including)
Itunes	Apple	4.9.0 (including)	4.9.0 (including)
Itunes	Apple	5.0 (including)	5.0 (including)
Itunes	Apple	5.0.0 (including)	5.0.0 (including)
Itunes	Apple	5.0.1 (including)	5.0.1 (including)
Itunes	Apple	6.0.0 (including)	6.0.0 (including)
Itunes	Apple	6.0.1 (including)	6.0.1 (including)
Itunes	Apple	6.0.2 (including)	6.0.2 (including)
Itunes	Apple	6.0.3 (including)	6.0.3 (including)
Itunes	Apple	6.0.4 (including)	6.0.4 (including)
Itunes	Apple	6.0.4.2 (including)	6.0.4.2 (including)
Itunes	Apple	6.0.5 (including)	6.0.5 (including)
Itunes	Apple	7.0.0 (including)	7.0.0 (including)
Itunes	Apple	7.0.1 (including)	7.0.1 (including)
Itunes	Apple	7.0.2 (including)	7.0.2 (including)
Itunes	Apple	7.1.0 (including)	7.1.0 (including)
Itunes	Apple	7.1.1 (including)	7.1.1 (including)
Itunes	Apple	7.2.0 (including)	7.2.0 (including)
Itunes	Apple	7.3.0 (including)	7.3.0 (including)
Itunes	Apple	7.3.1 (including)	7.3.1 (including)
Itunes	Apple	7.3.2 (including)	7.3.2 (including)
Itunes	Apple	7.4 (including)	7.4 (including)
Itunes	Apple	7.4.0 (including)	7.4.0 (including)
Itunes	Apple	7.4.1 (including)	7.4.1 (including)
Itunes	Apple	7.4.2 (including)	7.4.2 (including)
Itunes	Apple	7.4.3 (including)	7.4.3 (including)
Itunes	Apple	7.5 (including)	7.5 (including)
Itunes	Apple	7.5.0 (including)	7.5.0 (including)
Itunes	Apple	7.6 (including)	7.6 (including)
Itunes	Apple	7.6.0 (including)	7.6.0 (including)
Itunes	Apple	7.6.1 (including)	7.6.1 (including)
Itunes	Apple	7.6.2 (including)	7.6.2 (including)
Itunes	Apple	7.7 (including)	7.7 (including)
Itunes	Apple	7.7.0 (including)	7.7.0 (including)
Itunes	Apple	7.7.1 (including)	7.7.1 (including)
Itunes	Apple	8.0.0 (including)	8.0.0 (including)
Itunes	Apple	8.0.1 (including)	8.0.1 (including)
Itunes	Apple	8.0.2 (including)	8.0.2 (including)
Itunes	Apple	8.1 (including)	8.1 (including)
Itunes	Apple	8.1.1 (including)	8.1.1 (including)
Itunes	Apple	8.2 (including)	8.2 (including)
Itunes	Apple	8.2.1 (including)	8.2.1 (including)
Itunes	Apple	9.0.0 (including)	9.0.0 (including)
Itunes	Apple	9.0.1 (including)	9.0.1 (including)
Itunes	Apple	9.0.2 (including)	9.0.2 (including)
Chromium-browser	Ubuntu	devel	*
Chromium-browser	Ubuntu	lucid	*
Chromium-browser	Ubuntu	maverick	*
Chromium-browser	Ubuntu	natty	*
Chromium-browser	Ubuntu	oneiric	*
Qt4-x11	Ubuntu	jaunty	*
Qt4-x11	Ubuntu	karmic	*
Qt4-x11	Ubuntu	lucid	*
Webkit	Ubuntu	hardy	*
Webkit	Ubuntu	jaunty	*
Webkit	Ubuntu	karmic	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-1387
CWE	https://cwe.mitre.org/data/definitions/399.html

Affected Software

References