CVE-2010-2300

Google Chrome < 5.0.375.70 - Use-After-Free in Element::normalizeAttributes

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2300. PoCs published by MJ Keith.

AI-analyzed exploit summary This exploit targets a WebKit normalize bug (CVE-2010-1759) to achieve remote code execution via heap spraying and shellcode injection. It leverages DOM manipulation and event listeners to trigger the vulnerability and execute arbitrary code.

Description

Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers for DOM mutation events, aka rdar problem 7948784. NOTE: this might overlap CVE-2010-1759.

Exploits (1)

exploitdb WORKING POC

by MJ Keith · htmlremoteandroid

https://www.exploit-db.com/exploits/18446

View Code ZIP pw:eip

This exploit targets a WebKit normalize bug (CVE-2010-1759) to achieve remote code execution via heap spraying and shellcode injection. It leverages DOM manipulation and event listeners to trigger the vulnerability and execute arbitrary code.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Racy

Target: WebKit-based browsers (e.g., Android 2.1-2.3)

No auth needed

Prerequisites: Victim must visit a malicious webpage · Target device must be running vulnerable WebKit version

MITRE ATT&CK