iDefense Security Advisory 03.11.10 – Remote exploitation of a memory corruption vulnerability in WebKit, as included with multiple vendors’ browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when a certain property of an HTML element is reset via JavaScript code. When this occurs, a C++ object is incorrectly accessed after it has been freed. This results in an attacker controlled value being used as a C++ VTABLE, which leads to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Google Chrome 3.0.195.38 and Safari 4.0.4. Previous versions are suspected to be vulnerable. A full list of affected Apple products can be found in Security Advisory APPLE-SA-2010-03-11-1 Safari 4.0.5.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/87147/03.11.10-1.txt
Source: https://packetstormsecurity.com/files/87147/iDEFENSE-Security-Advisory-2010-03-11.1.html