#VU33130 Resource management error - CVE-2010-3116


Updated: 2020-08-03

Vulnerability identifier: #VU33130

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2010-3116

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.

Mitigation
Install the update from the vendor's website.

External links
https://code.google.com/p/chromium/issues/detail?id=50515
https://code.google.com/p/chromium/issues/detail?id=51835
https://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html
https://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html
https://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
https://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
https://secunia.com/advisories/41856
https://secunia.com/advisories/42314
https://secunia.com/advisories/43068
https://secunia.com/advisories/43086
https://support.apple.com/kb/HT4455
https://support.apple.com/kb/HT4456
https://www.mandriva.com/security/advisories?name=MDVSA-2011:039
https://www.redhat.com/support/errata/RHSA-2011-0177.html
https://www.securityfocus.com/bid/44200
https://www.ubuntu.com/usn/USN-1006-1
https://www.vupen.com/english/advisories/2010/2722
https://www.vupen.com/english/advisories/2010/3046
https://www.vupen.com/english/advisories/2011/0212
https://www.vupen.com/english/advisories/2011/0216
https://www.vupen.com/english/advisories/2011/0552
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11909


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

