CVE-2010-1749 | Vulnerability Database | Aqua Security

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times.

Affected Software

Name	Vendor	Start Version	End Version
Safari	Apple	*	4.0.5 (including)
Safari	Apple	4.0 (including)	4.0 (including)
Safari	Apple	4.0.0b (including)	4.0.0b (including)
Safari	Apple	4.0.1 (including)	4.0.1 (including)
Safari	Apple	4.0.2 (including)	4.0.2 (including)
Safari	Apple	4.0.3 (including)	4.0.3 (including)
Safari	Apple	4.0.4 (including)	4.0.4 (including)
Webkit	Apple	*	*

References

http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/40105
http://secunia.com/advisories/40196
http://secunia.com/advisories/43068
http://securitytracker.com/id?1024067
http://support.apple.com/kb/HT4196
http://support.apple.com/kb/HT4220
http://www.securityfocus.com/archive/1/511725/100/0/threaded
http://www.securityfocus.com/bid/40620
http://www.vupen.com/english/advisories/2010/1373
http://www.vupen.com/english/advisories/2010/1512
http://www.vupen.com/english/advisories/2011/0212
http://www.zerodayinitiative.com/advisories/ZDI-10-101
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7180

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-1749
CWE	https://cwe.mitre.org/data/definitions/399.html