Vulnerability CVE-2009-1726

Vulnerability Name:

CVE-2009-1726 (CCN-52419)

Assigned:

2009-08-05

Published:

2009-08-05

Updated:

2017-09-29

Summary:

Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Authentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Athentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2009-1726

Source: APPLE
Type: Patch, Vendor Advisory
APPLE-SA-2009-08-05-1

Source: APPLE
Type: UNKNOWN
APPLE-SA-2010-06-16-1

Source: APPLE
Type: UNKNOWN
APPLE-SA-2010-06-07-1

Source: OSVDB
Type: UNKNOWN
56845

Source: CCN
Type: SA36096
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
36096

Source: CCN
Type: SA40105
Apple Safari Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
40105

Source: CCN
Type: SA40196
Apple iTunes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
40196

Source: CCN
Type: SECTRACK ID: 1022674
Mac OS X Multiple Image and File Processing Bugs Permit Remote Code Execution

Source: CCN
Type: Apple Web site
About Security Update 2009-003

Source: CONFIRM
Type: Patch, Vendor Advisory
http://support.apple.com/kb/HT3757

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT4196

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT4220

Source: CCN
Type: OSVDB ID: 56845
Apple Mac OS X ColorSync Image Embedded ColorSync Profile Handling Overflow

Source: BID
Type: Patch
35954

Source: CCN
Type: BID-35954
Apple Mac OS X 2009-003 Multiple Security Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1022674

Source: CERT
Type: US Government Resource
TA09-218A

Source: VUPEN
Type: Vendor Advisory
ADV-2009-2172

Source: VUPEN
Type: UNKNOWN
ADV-2010-1373

Source: VUPEN
Type: UNKNOWN
ADV-2010-1512

Source: XF
Type: UNKNOWN
macosx-colorsync-profile-bo(52419)

Source: XF
Type: UNKNOWN
macosx-colorsync-profile-bo(52419)

Source: XF
Type: UNKNOWN
safari-colorsync-profile-bo(59162)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:7499

Vulnerable Configuration:

Configuration 1:

cpe:/o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.2:2008-002:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.7:*:*:*:*:*:*:*

Denotes that component is vulnerable

Vulnerability Name:

CVE-2009-1726 (CCN-59162)

Assigned:

2009-05-20

Published:

2010-06-07

Updated:

2010-06-07

Summary:

Apple Safari is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when handling of images with an embedded ColorSync profile. By persuading a victim to visit a Web site containing a specially-crafted image with an embedded ColorSync profile, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the browser to crash.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Authentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Athentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2009-1726

Source: CCN
Type: SA36096
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: CCN
Type: SA40105
Apple Safari Multiple Vulnerabilities

Source: CCN
Type: SA40196
Apple iTunes Multiple Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1022674
Mac OS X Multiple Image and File Processing Bugs Permit Remote Code Execution

Source: CCN
Type: Apple Web site
About the security content of Safari 5.0 and Safari 4.1

Source: CCN
Type: Apple KB HT4220
About the security content of iTunes 9.2

Source: CCN
Type: OSVDB ID: 56845
Apple Mac OS X ColorSync Image Embedded ColorSync Profile Handling Overflow

Source: CCN
Type: BID-35954
Apple Mac OS X 2009-003 Multiple Security Vulnerabilities

Source: XF
Type: UNKNOWN
safari-colorsync-profile-bo(59162)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/o:microsoft:windows_7:*:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:4.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:5.0:*:*:*:*:*:*:*

OR cpe:/a:apple:itunes:9.2:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:7499	V	ColorSync in Apple Safari Heap Buffer Overflow Vulnerability	2013-12-30

BACK