Lucene search

[email protected]CVE-2010-0040

HistoryMar 15, 2010 - 1:28 p.m.

CVE-2010-0040

2010-03-1513:28:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2010-0040

colorsync

apple safari

itunes

integer overflow

buffer overflow

denial of service

remote code execution

7.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.025 Low

EPSS

Percentile

90.0%

JSON

Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.

CPENameOperatorVersion
apple:safariapple safarile4.0.4
apple:safariapple safarieq4.0
apple:safariapple safarieq4.0.0b
apple:safariapple safarieq4.0.1
apple:safariapple safarieq4.0.2
apple:safariapple safarieq4.0.3

CPE	Name	Operator	Version
apple:safari	apple safari	le	4.0.4
apple:safari	apple safari	eq	4.0
apple:safari	apple safari	eq	4.0.0b
apple:safari	apple safari	eq	4.0.1
apple:safari	apple safari	eq	4.0.2
apple:safari	apple safari	eq	4.0.3

References

lists.apple.com/archives/security-announce/2010//Mar/msg00003.html

lists.apple.com/archives/security-announce/2010/Mar/msg00000.html

secunia.com/advisories/39135

support.apple.com/kb/HT4070

support.apple.com/kb/HT4105

www.securityfocus.com/bid/38671

www.securityfocus.com/bid/38674

www.securitytracker.com/id?1023706

exchange.xforce.ibmcloud.com/vulnerabilities/56826

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6741

7.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.025 Low

EPSS

Percentile

90.0%

JSON

Related for CVE-2010-0040

prion1 securityvulns7 nessus5 openvas2