CVE-2010-1403

Description

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction.

Software From Fixed in
apple / safari - 4.0.5.x
apple / safari 4.0 4.0.x
apple / safari 4.0.0b 4.0.0b.x
apple / safari 4.0.1 4.0.1.x
apple / safari 4.0.2 4.0.2.x
apple / safari 4.0.3 4.0.3.x
apple / safari 4.0.4 4.0.4.x
apple / webkit - -