CVE-2018-10496 is a vulnerability in Samsung Internet Browser
Published on September 24, 2018
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser Fixed in version 6.4.0.15. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TypedArray objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5326.
Weakness Type
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2018-10496 has been classified to as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2018-10496
Want to know whenever a new CVE is published for Samsung Internet Browser? stack.watch will email you.
Affected Versions
Samsung Internet Browser Version Fixed in version 6.4.0.15 is affected by CVE-2018-10496Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.