CVE-2010-1806 | Vulnerability Database | Aqua Security

Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers.

Affected Software

Name	Vendor	Start Version	End Version
Safari	Apple	4.0 (including)	4.0 (including)
Safari	Apple	4.0.0b (including)	4.0.0b (including)
Safari	Apple	4.0.1 (including)	4.0.1 (including)
Safari	Apple	4.0.2 (including)	4.0.2 (including)
Safari	Apple	4.0.3 (including)	4.0.3 (including)
Safari	Apple	4.0.4 (including)	4.0.4 (including)
Safari	Apple	4.0.5 (including)	4.0.5 (including)
Safari	Apple	4.1 (including)	4.1 (including)
Safari	Apple	5.0 (including)	5.0 (including)
Safari	Apple	5.0.1 (including)	5.0.1 (including)

References

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2010//Sep/msg00001.html
http://secunia.com/advisories/42314
http://support.apple.com/kb/HT4333
http://support.apple.com/kb/HT4456
http://www.securityfocus.com/bid/43049
http://www.vupen.com/english/advisories/2010/3046
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11729

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-1806
CWE	https://cwe.mitre.org/data/definitions/399.html