CVE-2010-1791 | Vulnerability Database | Aqua Security

Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.

Affected Software

Name	Vendor	Start Version	End Version
Safari	Apple	*	5.0 (including)
Safari	Apple	4.0 (including)	4.0 (including)
Safari	Apple	4.0.0b (including)	4.0.0b (including)
Safari	Apple	4.0.1 (including)	4.0.1 (including)
Safari	Apple	4.0.2 (including)	4.0.2 (including)
Safari	Apple	4.0.3 (including)	4.0.3 (including)
Safari	Apple	4.0.4 (including)	4.0.4 (including)
Safari	Apple	4.0.5 (including)	4.0.5 (including)
Webkit	Apple	*	*

References

http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/42314
http://secunia.com/advisories/43068
http://support.apple.com/kb/HT4276
http://support.apple.com/kb/HT4334
http://support.apple.com/kb/HT4456
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
http://www.securityfocus.com/bid/42020
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2011/0552
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11802

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-1791
CWE	https://cwe.mitre.org/data/definitions/189.html