Resource management error - CVE-2010-3116

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.

How to mitigate CVE-2010-3116

Sources

• http://code.google.com/p/chromium/issues/detail?id=50515
• http://code.google.com/p/chromium/issues/detail?id=51835
• http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html
• http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html
• http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
• http://secunia.com/advisories/41856
• http://secunia.com/advisories/42314
• http://secunia.com/advisories/43068
• http://secunia.com/advisories/43086
• http://support.apple.com/kb/HT4455
• http://support.apple.com/kb/HT4456
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
• http://www.redhat.com/support/errata/RHSA-2011-0177.html
• http://www.securityfocus.com/bid/44200
• http://www.ubuntu.com/usn/USN-1006-1
• http://www.vupen.com/english/advisories/2010/2722
• http://www.vupen.com/english/advisories/2010/3046
• http://www.vupen.com/english/advisories/2011/0212
• http://www.vupen.com/english/advisories/2011/0216
• http://www.vupen.com/english/advisories/2011/0552
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11909