Vulnerability Name: | CVE-2010-0043 (CCN-56828) |
Assigned: | 2009-12-15 |
Published: | 2010-03-11 |
Updated: | 2017-09-19 |
Summary: | ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html 'ImageIO CVE-ID: CVE-2010-0043 Available for: Windows 7, Vista, XP Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue exists in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Gus Mueller of Flying Meat for reporting this issue.'
Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html 'Safari 4.0.5 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/' |
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C) |
Vulnerability Type: | CWE-94 |
Vulnerability Consequences: | Gain Access |
References: |
Source: MITRE Type: CNA CVE-2010-0043
Source: APPLE Type: UNKNOWN APPLE-SA-2010-03-29-1
Source: APPLE Type: UNKNOWN APPLE-SA-2010-03-30-2
Source: APPLE Type: UNKNOWN APPLE-SA-2010-06-21-1
Source: APPLE Type: Vendor Advisory APPLE-SA-2010-03-11-1
Source: CCN Type: SA38932 Apple Safari Multiple Vulnerabilities
Source: CCN Type: SA39135 Apple iTunes Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 39135
Source: CCN Type: SA40257 Apple iOS Multiple Vulnerabilities
Source: CCN Type: SECTRACK ID: 1023706 Apple Safari Bugs Let Remote Users Cause Arbitrary Code to Be Executed
Source: CCN Type: Apple Web site About the security content of Safari 4.0.5
Source: CONFIRM Type: Vendor Advisory http://support.apple.com/kb/HT4070
Source: CONFIRM Type: UNKNOWN http://support.apple.com/kb/HT4077
Source: CONFIRM Type: UNKNOWN http://support.apple.com/kb/HT4105
Source: CONFIRM Type: UNKNOWN http://support.apple.com/kb/HT4225
Source: CCN Type: OSVDB ID: 62936 Apple Safari on Windows ImageIO Crafted TIFF File Arbitrary Code Execution
Source: BID Type: Patch 38671
Source: CCN Type: BID-38671 RETIRED: Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities
Source: BID Type: Patch 38673
Source: CCN Type: BID-38673 Apple Safari ImageIO TIFF Image Remote Code Execution Vulnerability
Source: SECTRACK Type: UNKNOWN 1023706
Source: XF Type: UNKNOWN safari-tiff-code-execution(56828)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:6901 |
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: |