Vulnerability Name: CVE-2010-0042 (CCN-56829)
Assigned: 2009-12-15
Published: 2010-03-11
Updated: 2017-09-19
Summary: ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.

Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
'ImageIO
CVE-ID: CVE-2010-0042
Available for: Windows 7, Vista, XP
Impact: Visiting a maliciously crafted website may result in sending data from Safari's memory to the website
Description: An uninitialized memory access issue exists in ImageIO's handling of TIFF images. Visiting a maliciously crafted website may result in sending data from Safari's memory to the website. This issue is addressed through improved memory handling and additional validation of TIFF images. Credit to Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.'

Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
'Safari 4.0.5 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/'
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
  3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
  3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:
  Source: MITRE Type: CNA CVE-2010-0042
  Source: APPLE Type: UNKNOWN APPLE-SA-2010-03-29-1
  Source: APPLE Type: UNKNOWN APPLE-SA-2010-03-30-2
  Source: APPLE Type: UNKNOWN APPLE-SA-2010-11-22-1
  Source: APPLE Type: UNKNOWN APPLE-SA-2010-06-21-1
  Source: APPLE Type: Vendor Advisory APPLE-SA-2010-03-11-1
  Source: CCN Type: SA38932 Apple Safari Multiple Vulnerabilities
  Source: CCN Type: SA39135 Apple iTunes Multiple Vulnerabilities
  Source: SECUNIA Type: UNKNOWN 39135
  Source: CCN Type: SA40257 Apple iOS Multiple Vulnerabilities
  Source: CCN Type: SA42314 Apple iOS Multiple Vulnerabilities
  Source: SECUNIA Type: UNKNOWN 42314
  Source: CCN Type: SECTRACK ID: 1023706 Apple Safari Bugs Let Remote Users Cause Arbitrary Code to Be Executed
  Source: CCN Type: Apple Web site About the security content of Safari 4.0.5
  Source: CONFIRM Type: Vendor Advisory http://support.apple.com/kb/HT4070
  Source: CONFIRM Type: UNKNOWN http://support.apple.com/kb/HT4077
  Source: CONFIRM Type: UNKNOWN http://support.apple.com/kb/HT4105
  Source: CONFIRM Type: UNKNOWN http://support.apple.com/kb/HT4225
  Source: CONFIRM Type: UNKNOWN http://support.apple.com/kb/HT4456
  Source: CCN Type: OSVDB ID: 62935 Apple Safari on Windows ImageIO Crafted TIFF File Process Memory Disclosure
  Source: BID Type: Patch 38671
  Source: CCN Type: BID-38671 RETIRED: Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities
  Source: BID Type: Patch 38677
  Source: CCN Type: BID-38677 Apple Safari TIFF Image Uninitialized Memory Information Disclosure Vulnerability
  Source: SECTRACK Type: UNKNOWN 1023706
  Source: XF Type: UNKNOWN safari-tiff-info-disclosure(56829)
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:7561
Vulnerable Configuration: Configuration 1: Configuration CCN 1: