CVE-2010-1813

iPhone OS < 4.1 - Remote Code Execution via HTML Object Outlines

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1813. PoCs published by Jose A. Vazquez.

AI-analyzed exploit summary This exploit demonstrates a memory corruption vulnerability in WebKit (CVE-2010-1813) affecting Safari and Chrome. It uses a crafted HTML file with a refresh meta tag and an iframe to trigger a crash via a null pointer dereference and pointer corruption.

Description

WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jose A. Vazquez · textdoswindows

https://www.exploit-db.com/exploits/14967

View Code ZIP pw:eip

This exploit demonstrates a memory corruption vulnerability in WebKit (CVE-2010-1813) affecting Safari and Chrome. It uses a crafted HTML file with a refresh meta tag and an iframe to trigger a crash via a null pointer dereference and pointer corruption.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Apple Safari < 4.1.2/5.0.2, Google Chrome < 5.0.375.125

No auth needed

Prerequisites: Vulnerable version of Safari or Chrome · Ability to host malicious HTML files

MITRE ATT&CK