Vulnerability CVE-2010-0041 - CERT Civis.Net

Vulnerability Name:

CVE-2010-0041 (CCN-56827)

Assigned:

2009-12-15

Published:

2010-03-11

Updated:

2017-09-19

Summary:

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.
Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html

ImageIO
CVE-ID: CVE-2010-0041
Available for: Windows 7, Vista, XP
Impact: Visiting a maliciously crafted website may result in sending
data from Safari's memory to the website
Description: An uninitialized memory access issue exists in
ImageIO's handling of BMP images. Visiting a maliciously crafted
website may result in sending data from Safari's memory to the
website. This issue is addressed through improved memory handling and
additional validation of BMP images. Credit to Matthew 'j00ru'
Jurczyk of Hispasec for reporting this issue.

Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html

'Safari 4.0.5 is available via the Apple Software Update application,
or Apple's Safari download site at:
http://www.apple.com/safari/download/'

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2010-0041

Source: APPLE
Type: UNKNOWN
APPLE-SA-2010-03-29-1

Source: APPLE
Type: UNKNOWN
APPLE-SA-2010-03-30-2

Source: APPLE
Type: UNKNOWN
APPLE-SA-2010-06-21-1

Source: APPLE
Type: Vendor Advisory
APPLE-SA-2010-03-11-1

Source: CCN
Type: SA38932
Apple Safari Multiple Vulnerabilities

Source: CCN
Type: SA39135
Apple iTunes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
39135

Source: CCN
Type: SA40257
Apple iOS Multiple Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1023706
Apple Safari Bugs Let Remote Users Cause Arbitrary Code to Be Executed

Source: CCN
Type: Apple Web site
About the security content of Safari 4.0.5

Source: CONFIRM
Type: Vendor Advisory
http://support.apple.com/kb/HT4070

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT4077

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT4105

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT4225

Source: CCN
Type: OSVDB ID: 62934
Apple Safari on Windows ImageIO Crafted BMP File Process Memory Disclosure

Source: BID
Type: Patch
38671

Source: CCN
Type: BID-38671
RETIRED: Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities

Source: BID
Type: Patch
38676

Source: CCN
Type: BID-38676
Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability

Source: SECTRACK
Type: UNKNOWN
1023706

Source: XF
Type: UNKNOWN
safari-bmp-info-disclosure(56827)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6885

Vulnerable Configuration:

Configuration 1:

cpe:/a:apple:safari:4.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:4.0.0b:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:*:*:*:*:*:*:*:* (Version <= 4.0.4)

AND

cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:apple:iphone_os:2.0.0:-:ipodtouch:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.1:-:ipodtouch:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.2:-:ipodtouch:*:*:*:*:*

OR cpe:/o:microsoft:windows_7:*:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:3.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:apple:itunes:9.0.0:-:windows:*:*:*:*:*

OR cpe:/a:apple:safari:4.0.4:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:3.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.1:-:ipodtouch:*:*:*:*:*

OR cpe:/o:apple:iphone_os:3.0:-:ipodtouch:*:*:*:*:*

OR cpe:/o:apple:iphone_os:3.1.2:-:ipodtouch:*:*:*:*:*

OR cpe:/o:apple:iphone_os:3.1:-:ipodtouch:*:*:*:*:*

AND

cpe:/o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.6:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.6:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:6885	V	Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability	2015-06-22