PRIOn knowledge basePRION:CVE-2010-0040

HistoryMar 15, 2010 - 1:28 p.m.

Integer overflow

2010-03-1513:28:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.025 Low

EPSS

Percentile

89.9%

JSON

Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.

CPENameOperatorVersion
safarile4.0.4
safarieq4.0
safarieq4.0.98
safarieq4.0.1
safarieq4.0.2
safarieq4.0.3

Name	Operator	Version
safari	le	4.0.4
safari	eq	4.0
safari	eq	4.0.98
safari	eq	4.0.1
safari	eq	4.0.2
safari	eq	4.0.3

References

lists.apple.com/archives/security-announce/2010//Mar/msg00003.html

lists.apple.com/archives/security-announce/2010/Mar/msg00000.html

secunia.com/advisories/39135

support.apple.com/kb/HT4070

support.apple.com/kb/HT4105

www.securityfocus.com/bid/38671

www.securityfocus.com/bid/38674

www.securitytracker.com/id?1023706

exchange.xforce.ibmcloud.com/vulnerabilities/56826

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6741

8.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.025 Low

EPSS

Percentile

89.9%

JSON

Related for PRION:CVE-2010-0040