CVE-2010-1807

EXPLOITED

Apple Safari 4.x-5.x - Remote Code Execution via Floating-Point Validation Flaw

Title source: llm

Exploitation Summary

CVE-2010-1807 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Itzhak Avraham, MJ Keith.

AI-analyzed exploit summary This exploit leverages a use-after-free vulnerability in WebKit (CVE-2010-1807) to achieve remote code execution on Android 2.0/2.1 devices. It uses a crafted HTML page with JavaScript to trigger the vulnerability and execute shellcode that connects to a specified IP and port.

Description

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Itzhak Avraham · htmlremoteandroid

https://www.exploit-db.com/exploits/15548

View Code ZIP pw:eip

This exploit leverages a use-after-free vulnerability in WebKit (CVE-2010-1807) to achieve remote code execution on Android 2.0/2.1 devices. It uses a crafted HTML page with JavaScript to trigger the vulnerability and execute shellcode that connects to a specified IP and port.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Android WebKit (versions 2.0/2.1)

No auth needed

Prerequisites: Victim must visit a malicious webpage · Target device must be running Android 2.0/2.1

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by MJ Keith · htmlremoteandroid

https://www.exploit-db.com/exploits/15423

View Code ZIP pw:eip

This exploit targets CVE-2010-1807, a WebKit code execution vulnerability affecting Safari and Android browsers. It uses a heap spray technique to execute shellcode, delivering a reverse shell to a hardcoded IP and port.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WebKit-based browsers (Safari, Android < 2.2)

No auth needed

Prerequisites: Victim must visit a malicious webpage · Target device must be running vulnerable WebKit version

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (22)

Core 22

Core References

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Various Sources x_refsource_confirm

http://trac.webkit.org/changeset/64706

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/2722

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/43068

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1006-1

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/41856

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0212

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/3046

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0216

Vendor Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2010//Sep/msg00001.html

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=627703

Various Sources x_refsource_misc

http://www.computerworld.com/s/article/9195058/Researcher_to_release_Web_based_Android_attack

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11964

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/43047

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/43086

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42314

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2011-0177.html

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0552

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT4456

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT4333

Scores

EPSS 0.8088

EPSS Percentile 99.2%

Details

VulnCheck KEV 2023-12-07

CWE

CWE-20

Status published

Products (23)

apple/safari 4.0 (2 CPE variants)

apple/safari 4.0.0b

apple/safari 4.0.1

apple/safari 4.0.2

apple/safari 4.0.3

apple/safari 4.0.4

apple/safari 4.0.5

apple/safari 4.1

apple/safari 4.1.1

apple/safari 5.0

... and 13 more

Published Sep 10, 2010

Tracked Since Feb 18, 2026