CVE-2010-1807

EXPLOITED

Apple Safari < 2.1 - Improper Input Validation

Title source: rule

Description

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Itzhak Avraham · htmlremoteandroid
https://www.exploit-db.com/exploits/15548
exploitdb WORKING POC
by MJ Keith · htmlremoteandroid
https://www.exploit-db.com/exploits/15423

References (22)

... and 2 more

Scores

EPSS 0.7865
EPSS Percentile 99.0%

Details

VulnCheck KEV 2023-12-07
CWE
CWE-20
Status published
Products (23)
apple/safari 4.0 (2 CPE variants)
apple/safari 4.0.0b
apple/safari 4.0.1
apple/safari 4.0.2
apple/safari 4.0.3
apple/safari 4.0.4
apple/safari 4.0.5
apple/safari 4.1
apple/safari 4.1.1
apple/safari 5.0
... and 13 more
Published Sep 10, 2010
Tracked Since Feb 18, 2026