| Vulnerability Name: | CVE-2010-0040 (CCN-56826) | ||||||||
| Assigned: | 2009-12-15 | ||||||||
| Published: | 2010-03-11 | ||||||||
| Updated: | 2017-09-19 | ||||||||
| Summary: | Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow. Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html ColorSync CVE-ID: CVE-2010-0040 Available for: Windows 7, Vista, XP Impact: Viewing a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow, that could result in a heap buffer overflow, exists in the handling of images with an embedded color profile. Opening a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution. The issue is addressed by performing additional validation of color profiles. This issue does not affect Mac OS X systems. Credit to Sebastien Renaud of VUPEN Vulnerability Research Team for reporting this issue. Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html 'Safari 4.0.5 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/' | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-189 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2010-0040 Source: APPLE Type: UNKNOWN APPLE-SA-2010-03-30-2 Source: APPLE Type: Vendor Advisory APPLE-SA-2010-03-11-1 Source: CCN Type: SA38932 Apple Safari Multiple Vulnerabilities Source: CCN Type: SA39135 Apple iTunes Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 39135 Source: CCN Type: SECTRACK ID: 1023706 Apple Safari Bugs Let Remote Users Cause Arbitrary Code to Be Executed Source: CCN Type: Apple Web site About the security content of Safari 4.0.5 Source: CONFIRM Type: Vendor Advisory http://support.apple.com/kb/HT4070 Source: CONFIRM Type: UNKNOWN http://support.apple.com/kb/HT4105 Source: CCN Type: OSVDB ID: 62933 Apple Safari / iTunes on Windows ColorSync Crafted Image Color Profile Overflow Source: BID Type: Patch 38671 Source: CCN Type: BID-38671 RETIRED: Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities Source: BID Type: Patch 38674 Source: CCN Type: BID-38674 Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability Source: SECTRACK Type: UNKNOWN 1023706 Source: XF Type: UNKNOWN safari-colorsync-bo(56826) Source: XF Type: UNKNOWN safari-colorsync-bo(56826) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:6741 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||