CVE-2010-0041
Published Mar 15, 2010
Last updated 7 years ago
Overview
- Description
- ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.
- Source
- product-security@apple.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Evaluator
- Comment
- Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
  ImageIO
  CVE-ID: CVE-2010-0041
  Available for: Windows 7, Vista, XP
  Impact: Visiting a maliciously crafted website may result in sending data from Safari's memory to the website
  Description: An uninitialized memory access issue exists in ImageIO's handling of BMP images. Visiting a maliciously crafted website may result in sending data from Safari's memory to the website. This issue is addressed through improved memory handling and additional validation of BMP images. Credit to Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1816CD6-0159-4684-A54D-94866D3FE570", "versionEndIncluding": "4.0.4" },
          { "criteria": "cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB" },
          { "criteria": "cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02EAC196-AE43-4787-9AF9-E79E2E1BBA46" },
          { "criteria": "cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2FD40E4-D4C9-492E-8432-ABC9BD2C7E67" },
          { "criteria": "cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36EA71E0-63F7-46FF-AF11-792741F27628" },
          { "criteria": "cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E36485-565D-4FAA-A6AD-57DF42D47462" }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256" }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]