CVE-2010-1119

Apple Safari < 5.0 - Use-After-Free via Attribute Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1119. PoCs published by MJ Keith.

AI-analyzed exploit summary This exploit leverages a use-after-free vulnerability in Android's WebKit browser engine (CVE-2010-1119) to execute arbitrary shellcode. It manipulates heap memory via JavaScript to achieve remote code execution, targeting Android versions 2.0, 2.1, and 2.1.1.

Description

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.

Exploits (1)

exploitdb WORKING POC VERIFIED

by MJ Keith · htmlremoteandroid

https://www.exploit-db.com/exploits/16974

View Code ZIP pw:eip

This exploit leverages a use-after-free vulnerability in Android's WebKit browser engine (CVE-2010-1119) to execute arbitrary shellcode. It manipulates heap memory via JavaScript to achieve remote code execution, targeting Android versions 2.0, 2.1, and 2.1.1.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Complex

Reliability

Racy

Target: Android WebKit (versions 2.0, 2.1, 2.1.1)

No auth needed

Prerequisites: Victim must visit a malicious webpage using the vulnerable Android browser

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (17)

Core 17

Core References

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT4220

Various Sources x_refsource_misc

http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT4225

Patch, Vendor Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40196

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40105

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1373

Vendor Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html

Various Sources x_refsource_misc

http://news.cnet.com/8301-27080_3-20001126-245.html

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1512

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/40620

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7037

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/8128

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1024067

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT4196

Vendor Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

Various Sources x_refsource_misc

http://twitter.com/thezdi/statuses/11001080021

Scores

EPSS 0.1887

EPSS Percentile 96.9%

Details

CWE

CWE-399

Status published

Products (46)

apple/iphone_os 2.0

apple/iphone_os 2.0.0

apple/iphone_os 2.0.1

apple/iphone_os 2.0.2

apple/iphone_os 2.1

apple/iphone_os 2.1.1

apple/iphone_os 2.2

apple/iphone_os 2.2.1

apple/iphone_os 3.0

apple/iphone_os 3.0.1

... and 36 more

Published Mar 25, 2010

Tracked Since Feb 18, 2026