Lucene search

PRIOn knowledge basePRION:CVE-2010-0041

HistoryMar 15, 2010 - 1:28 p.m.

Design/Logic Flaw

2010-03-1513:28:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.4%

JSON

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.

CPENameOperatorVersion
safarile4.0.4
safarieq4.0
safarieq4.0.98
safarieq4.0.1
safarieq4.0.2
safarieq4.0.3

Name	Operator	Version
safari	le	4.0.4
safari	eq	4.0
safari	eq	4.0.98
safari	eq	4.0.1
safari	eq	4.0.2
safari	eq	4.0.3

References

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

lists.apple.com/archives/security-announce/2010//Mar/msg00003.html

lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

lists.apple.com/archives/security-announce/2010/Mar/msg00000.html

secunia.com/advisories/39135

support.apple.com/kb/HT4070

support.apple.com/kb/HT4077

support.apple.com/kb/HT4105

support.apple.com/kb/HT4225

www.securityfocus.com/bid/38671

www.securityfocus.com/bid/38676

www.securitytracker.com/id?1023706

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6885