Sid 1-45734

Message

BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt

Summary

This event is generated when a use-after-free condition is exploited in Apple Safari WebKit.

Impact

Attempted User Privilege Gain

CVE-2010-1392:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2010-1392: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style.

Affected systems

  • apple safari 4.0
  • apple safari 4.0.0b
  • apple safari 4.0.1
  • apple safari 4.0.2
  • apple safari 4.0.3
  • apple safari 4.0.4
  • apple safari 4.0.5
  • apple webkit *

Ease of attack

CVE-2010-1392:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References