Key Information

Advisory ID: ZDI-11-095
CVE ID: CVE-2010-1824
CVSS Score: 9.7 (AV:N/AC:L/Au:N/C:C/I:P/A:C)
Affected Vendor: Apple
Affected Product: WebKit
Vulnerability Type: Remote Code Execution

Disclosure Timeline:
- 2010-10-18: Vulnerability reported to vendor
- 2011-03-02: Coordinated public release of advisory

Credit: wushi of team509

Protection: Trend Micro TippingPoint IPS customers are protected by Digital Vaccine protection filter ID 10890.

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's WebKit. The flaw occurs when the application parses a malformed document and appends the error message to the DOM tree, leading to heap corruption and arbitrary code execution.

Additional Details: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT4554