cvelistv5 - CVE-2010-0043

CVE-2010-0043 (GCVE-0-2010-0043)

Vulnerability from cvelistv5 – Published: 2010-03-12 20:00 – Updated: 2024-08-07 00:37

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://support.apple.com/kb/HT4225	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1023706	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/39135	third-party-advisoryx_refsource_SECUNIA
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://support.apple.com/kb/HT4105	x_refsource_CONFIRM
	http://support.apple.com/kb/HT4070	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/bid/38673	vdb-entryx_refsource_BID
	http://support.apple.com/kb/HT4077	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.securityfocus.com/bid/38671	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:37:53.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2010-03-11-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4225"
          },
          {
            "name": "1023706",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023706"
          },
          {
            "name": "39135",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39135"
          },
          {
            "name": "APPLE-SA-2010-03-29-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4105"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4070"
          },
          {
            "name": "oval:org.mitre.oval:def:6901",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6901"
          },
          {
            "name": "38673",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38673"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4077"
          },
          {
            "name": "APPLE-SA-2010-03-30-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
          },
          {
            "name": "APPLE-SA-2010-06-21-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
          },
          {
            "name": "38671",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38671"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "APPLE-SA-2010-03-11-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4225"
        },
        {
          "name": "1023706",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023706"
        },
        {
          "name": "39135",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39135"
        },
        {
          "name": "APPLE-SA-2010-03-29-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4105"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4070"
        },
        {
          "name": "oval:org.mitre.oval:def:6901",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6901"
        },
        {
          "name": "38673",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38673"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4077"
        },
        {
          "name": "APPLE-SA-2010-03-30-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
        },
        {
          "name": "APPLE-SA-2010-06-21-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
        },
        {
          "name": "38671",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38671"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-0043",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2010-03-11-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4225",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4225"
            },
            {
              "name": "1023706",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1023706"
            },
            {
              "name": "39135",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39135"
            },
            {
              "name": "APPLE-SA-2010-03-29-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4105",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4105"
            },
            {
              "name": "http://support.apple.com/kb/HT4070",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4070"
            },
            {
              "name": "oval:org.mitre.oval:def:6901",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6901"
            },
            {
              "name": "38673",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/38673"
            },
            {
              "name": "http://support.apple.com/kb/HT4077",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4077"
            },
            {
              "name": "APPLE-SA-2010-03-30-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
            },
            {
              "name": "APPLE-SA-2010-06-21-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
            },
            {
              "name": "38671",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/38671"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2010-0043",
    "datePublished": "2010-03-12T20:00:00",
    "dateReserved": "2009-12-15T00:00:00",
    "dateUpdated": "2024-08-07T00:37:53.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.0.4\", \"matchCriteriaId\": \"B1816CD6-0159-4684-A54D-94866D3FE570\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02EAC196-AE43-4787-9AF9-E79E2E1BBA46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2FD40E4-D4C9-492E-8432-ABC9BD2C7E67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36EA71E0-63F7-46FF-AF11-792741F27628\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E36485-565D-4FAA-A6AD-57DF42D47462\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.\"}, {\"lang\": \"es\", \"value\": \"ImageIO en Apple Safari en versiones anteriores a la v4.0.5 en Windows permite a usuarios remotos ejecutar comandos de su elecci\\u00f3n o provocar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de memoria y ca\\u00edda de la aplicaci\\u00f3n) a trav\\u00e9s de una imagen TIFF modificada.\"}]",
      "evaluatorComment": "Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\r\n\r\n\r\n\u0027ImageIO\r\nCVE-ID:  CVE-2010-0043\r\nAvailable for:  Windows 7, Vista, XP\r\nImpact:  Processing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription:  A memory corruption issue exists in the handling of\r\nTIFF images. Processing a maliciously crafted TIFF image may lead to\r\nan unexpected application termination or arbitrary code execution.\r\nThis issue is addressed through improved memory handling. Credit to\r\nGus Mueller of Flying Meat for reporting this issue.\u0027",
      "evaluatorSolution": "Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\r\n\r\n\u0027Safari 4.0.5 is available via the Apple Software Update application,\r\nor Apple\u0027s Safari download site at:\r\nhttp://www.apple.com/safari/download/\u0027",
      "id": "CVE-2010-0043",
      "lastModified": "2024-11-21T01:11:23.993",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-03-15T13:28:25.433",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/39135\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://support.apple.com/kb/HT4070\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT4077\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://support.apple.com/kb/HT4105\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://support.apple.com/kb/HT4225\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.securityfocus.com/bid/38671\", \"source\": \"product-security@apple.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/38673\", \"source\": \"product-security@apple.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1023706\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6901\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/39135\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT4070\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT4077\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT4105\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT4225\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/38671\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/38673\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1023706\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6901\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-0043\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2010-03-15T13:28:25.433\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.\"},{\"lang\":\"es\",\"value\":\"ImageIO en Apple Safari en versiones anteriores a la v4.0.5 en Windows permite a usuarios remotos ejecutar comandos de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una imagen TIFF modificada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.0.4\",\"matchCriteriaId\":\"B1816CD6-0159-4684-A54D-94866D3FE570\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02EAC196-AE43-4787-9AF9-E79E2E1BBA46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2FD40E4-D4C9-492E-8432-ABC9BD2C7E67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36EA71E0-63F7-46FF-AF11-792741F27628\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E36485-565D-4FAA-A6AD-57DF42D47462\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39135\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://support.apple.com/kb/HT4070\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4077\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://support.apple.com/kb/HT4105\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://support.apple.com/kb/HT4225\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.securityfocus.com/bid/38671\",\"source\":\"product-security@apple.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/38673\",\"source\":\"product-security@apple.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1023706\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6901\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39135\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4070\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4077\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4225\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/38671\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/38673\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1023706\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6901\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\\r\\n\\r\\n\\r\\n\u0027ImageIO\\r\\nCVE-ID:  CVE-2010-0043\\r\\nAvailable for:  Windows 7, Vista, XP\\r\\nImpact:  Processing a maliciously crafted TIFF image may lead to an\\r\\nunexpected application termination or arbitrary code execution\\r\\nDescription:  A memory corruption issue exists in the handling of\\r\\nTIFF images. Processing a maliciously crafted TIFF image may lead to\\r\\nan unexpected application termination or arbitrary code execution.\\r\\nThis issue is addressed through improved memory handling. Credit to\\r\\nGus Mueller of Flying Meat for reporting this issue.\u0027\",\"evaluatorSolution\":\"Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\\r\\n\\r\\n\u0027Safari 4.0.5 is available via the Apple Software Update application,\\r\\nor Apple\u0027s Safari download site at:\\r\\nhttp://www.apple.com/safari/download/\u0027\"}}"
  }
}

CERTA-2010-AVI-143

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Mac OS X.

Description

Plusieurs vulnérabilités ont été corrigées dans Mac OS X. Elles permettent entre autres l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	Mac OS X 10.5 ;
Apple	macOS	Mac OS X 10.6 ;
Apple	macOS	Mac OS X Server 10.5 ;
Apple	macOS	Mac OS X Server 10.6.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4077 du 29 mars 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.6.",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Elles\npermettent entre autres l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0511"
    },
    {
      "name": "CVE-2010-0509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0509"
    },
    {
      "name": "CVE-2010-0501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0501"
    },
    {
      "name": "CVE-2010-0065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0065"
    },
    {
      "name": "CVE-2010-0498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0498"
    },
    {
      "name": "CVE-2010-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0060"
    },
    {
      "name": "CVE-2008-7247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-7247"
    },
    {
      "name": "CVE-2003-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-0063"
    },
    {
      "name": "CVE-2010-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0043"
    },
    {
      "name": "CVE-2010-0522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0522"
    },
    {
      "name": "CVE-2010-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0063"
    },
    {
      "name": "CVE-2009-3559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3559"
    },
    {
      "name": "CVE-2009-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2901"
    },
    {
      "name": "CVE-2009-4142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4142"
    },
    {
      "name": "CVE-2009-3009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3009"
    },
    {
      "name": "CVE-2010-0059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0059"
    },
    {
      "name": "CVE-2010-0524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0524"
    },
    {
      "name": "CVE-2010-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0057"
    },
    {
      "name": "CVE-2009-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
    },
    {
      "name": "CVE-2010-0521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0521"
    },
    {
      "name": "CVE-2008-0564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0564"
    },
    {
      "name": "CVE-2010-0518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0518"
    },
    {
      "name": "CVE-2010-0513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0513"
    },
    {
      "name": "CVE-2009-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2417"
    },
    {
      "name": "CVE-2008-0888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0888"
    },
    {
      "name": "CVE-2009-3558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3558"
    },
    {
      "name": "CVE-2009-3095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
    },
    {
      "name": "CVE-2009-2902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
    },
    {
      "name": "CVE-2010-0517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0517"
    },
    {
      "name": "CVE-2010-0535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0535"
    },
    {
      "name": "CVE-2010-0393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0393"
    },
    {
      "name": "CVE-2009-3557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3557"
    },
    {
      "name": "CVE-2009-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-0534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0534"
    },
    {
      "name": "CVE-2010-0497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0497"
    },
    {
      "name": "CVE-2008-4456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4456"
    },
    {
      "name": "CVE-2009-4143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4143"
    },
    {
      "name": "CVE-2010-0058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0058"
    },
    {
      "name": "CVE-2010-0041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0041"
    },
    {
      "name": "CVE-2010-0508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0508"
    },
    {
      "name": "CVE-2010-0506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0506"
    },
    {
      "name": "CVE-2010-0533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0533"
    },
    {
      "name": "CVE-2010-0507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0507"
    },
    {
      "name": "CVE-2010-0504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0504"
    },
    {
      "name": "CVE-2009-0316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0316"
    },
    {
      "name": "CVE-2010-0526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0526"
    },
    {
      "name": "CVE-2010-0510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0510"
    },
    {
      "name": "CVE-2009-1904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1904"
    },
    {
      "name": "CVE-2010-0500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0500"
    },
    {
      "name": "CVE-2008-5302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5302"
    },
    {
      "name": "CVE-2009-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2042"
    },
    {
      "name": "CVE-2010-0064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0064"
    },
    {
      "name": "CVE-2009-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
    },
    {
      "name": "CVE-2009-2446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2446"
    },
    {
      "name": "CVE-2009-2801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2801"
    },
    {
      "name": "CVE-2010-0525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0525"
    },
    {
      "name": "CVE-2010-0516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0516"
    },
    {
      "name": "CVE-2010-0502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0502"
    },
    {
      "name": "CVE-2010-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0062"
    },
    {
      "name": "CVE-2008-2712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
    },
    {
      "name": "CVE-2009-2906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2906"
    },
    {
      "name": "CVE-2010-0505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0505"
    },
    {
      "name": "CVE-2008-5303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5303"
    },
    {
      "name": "CVE-2009-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
    },
    {
      "name": "CVE-2009-4214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4214"
    },
    {
      "name": "CVE-2009-0783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
    },
    {
      "name": "CVE-2009-0689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0689"
    },
    {
      "name": "CVE-2008-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
    },
    {
      "name": "CVE-2006-1329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1329"
    },
    {
      "name": "CVE-2010-0514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0514"
    },
    {
      "name": "CVE-2009-0037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0037"
    },
    {
      "name": "CVE-2010-0515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0515"
    },
    {
      "name": "CVE-2009-2422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2422"
    },
    {
      "name": "CVE-2010-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0056"
    },
    {
      "name": "CVE-2010-0512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0512"
    },
    {
      "name": "CVE-2009-2632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2632"
    },
    {
      "name": "CVE-2009-0688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0688"
    },
    {
      "name": "CVE-2008-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
    },
    {
      "name": "CVE-2010-0537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0537"
    },
    {
      "name": "CVE-2010-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0519"
    },
    {
      "name": "CVE-2010-0523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0523"
    },
    {
      "name": "CVE-2010-0520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0520"
    },
    {
      "name": "CVE-2010-0503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0503"
    },
    {
      "name": "CVE-2010-0055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0055"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-143",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4077 du 29 mars 2010",
      "url": "http://support.apple.com/kb/HT4077"
    }
  ]
}

CERTA-2010-AVI-147

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités découvertes dans iTunes peuvent être exploitées par un utilisateur malintentionné afin de compromettre le système ou d'entraver son bon fonctionnement.

Description

De multiples vulnérabilités ont été découvertes dans iTunes :

plusieurs erreurs dans les modules ColorSync et ImageIO peuvent conduire à une fuite de données ou de l'exécution de code arbitraire, notamment par le biais d'images spécialement conçues ;
un fichier MP4 importé spécialement conçu entraîne la création d'une boucle infinie dans iTunes, provoquant ainsi un déni de service à distance ;
une erreur dans le paquet d'installation d'iTunes pour Windows peut provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iTunes versions antérieures à 9.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4105 du 30 mars 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eApple iTunes versions ant\u00e9rieures \u00e0  9.1.\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans iTunes :\n\n-   plusieurs erreurs dans les modules ColorSync et ImageIO peuvent\n    conduire \u00e0 une fuite de donn\u00e9es ou de l\u0027ex\u00e9cution de code\n    arbitraire, notamment par le biais d\u0027images sp\u00e9cialement con\u00e7ues ;\n-   un fichier MP4 import\u00e9 sp\u00e9cialement con\u00e7u entra\u00eene la cr\u00e9ation d\u0027une\n    boucle infinie dans iTunes, provoquant ainsi un d\u00e9ni de service \u00e0\n    distance ;\n-   une erreur dans le paquet d\u0027installation d\u0027iTunes pour Windows peut\n    provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0043"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-0041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0041"
    },
    {
      "name": "CVE-2010-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0040"
    },
    {
      "name": "CVE-2009-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2285"
    },
    {
      "name": "CVE-2010-0531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0531"
    },
    {
      "name": "CVE-2010-0532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0532"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-147",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans iTunes peuvent \u00eatre exploit\u00e9es\npar un utilisateur malintentionn\u00e9 afin de compromettre le syst\u00e8me ou\nd\u0027entraver son bon fonctionnement.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iTunes",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4105 du 30 mars 2010",
      "url": "http://support.apple.com/kb/HT4105"
    }
  ]
}

CERTA-2010-AVI-280

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Apple iOS.

Description

Plusieurs vulnérabilités, dont certaines permettent l'exécution de code arbitraire à distance, ont été corrigées dans le système d'exploitation Apple iOS.

Solution

Mettre à jour en version iOS 4.0.

Apple iOS 3.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4225 du 21 juin 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple iOS 3.x.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s, dont certaines permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance, ont \u00e9t\u00e9 corrig\u00e9es dans le syst\u00e8me d\u0027exploitation\nApple iOS.\n\n## Solution\n\nMettre \u00e0 jour en version iOS 4.0.\n",
  "cves": [
    {
      "name": "CVE-2010-1408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1408"
    },
    {
      "name": "CVE-2010-1407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1407"
    },
    {
      "name": "CVE-2010-0046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0046"
    },
    {
      "name": "CVE-2009-2195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2195"
    },
    {
      "name": "CVE-2010-1751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1751"
    },
    {
      "name": "CVE-2009-1723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1723"
    },
    {
      "name": "CVE-2010-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1387"
    },
    {
      "name": "CVE-2010-1769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1769"
    },
    {
      "name": "CVE-2010-1390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1390"
    },
    {
      "name": "CVE-2010-1418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1418"
    },
    {
      "name": "CVE-2010-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0043"
    },
    {
      "name": "CVE-2010-1403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1403"
    },
    {
      "name": "CVE-2010-1402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1402"
    },
    {
      "name": "CVE-2010-1414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1414"
    },
    {
      "name": "CVE-2010-1400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1400"
    },
    {
      "name": "CVE-2010-1752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1752"
    },
    {
      "name": "CVE-2010-1753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1753"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1774"
    },
    {
      "name": "CVE-2010-1391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1391"
    },
    {
      "name": "CVE-2010-1396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1396"
    },
    {
      "name": "CVE-2010-1398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1398"
    },
    {
      "name": "CVE-2010-1761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1761"
    },
    {
      "name": "CVE-2010-0041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0041"
    },
    {
      "name": "CVE-2010-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1762"
    },
    {
      "name": "CVE-2010-1399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1399"
    },
    {
      "name": "CVE-2010-1410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1410"
    },
    {
      "name": "CVE-2010-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0053"
    },
    {
      "name": "CVE-2010-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0050"
    },
    {
      "name": "CVE-2010-0544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0544"
    },
    {
      "name": "CVE-2010-1416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1416"
    },
    {
      "name": "CVE-2010-1409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1409"
    },
    {
      "name": "CVE-2010-0047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0047"
    },
    {
      "name": "CVE-2010-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0049"
    },
    {
      "name": "CVE-2010-1394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1394"
    },
    {
      "name": "CVE-2010-1405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1405"
    },
    {
      "name": "CVE-2010-1756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1756"
    },
    {
      "name": "CVE-2010-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0051"
    },
    {
      "name": "CVE-2010-1395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1395"
    },
    {
      "name": "CVE-2010-1757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1757"
    },
    {
      "name": "CVE-2010-1404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1404"
    },
    {
      "name": "CVE-2010-0052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0052"
    },
    {
      "name": "CVE-2010-1758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1758"
    },
    {
      "name": "CVE-2009-0689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0689"
    },
    {
      "name": "CVE-2010-1406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1406"
    },
    {
      "name": "CVE-2010-1755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1755"
    },
    {
      "name": "CVE-2010-1413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1413"
    },
    {
      "name": "CVE-2010-1397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1397"
    },
    {
      "name": "CVE-2010-1415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1415"
    },
    {
      "name": "CVE-2010-1393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1393"
    },
    {
      "name": "CVE-2010-1401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1401"
    },
    {
      "name": "CVE-2010-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1775"
    },
    {
      "name": "CVE-2010-1754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1754"
    },
    {
      "name": "CVE-2009-2816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2816"
    },
    {
      "name": "CVE-2010-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0054"
    },
    {
      "name": "CVE-2010-1759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1759"
    },
    {
      "name": "CVE-2010-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1389"
    },
    {
      "name": "CVE-2010-1417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1417"
    },
    {
      "name": "CVE-2010-1392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1392"
    },
    {
      "name": "CVE-2010-1119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1119"
    },
    {
      "name": "CVE-2010-1384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1384"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-280",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-06-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Apple iOS.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4225 du 21 juin 2010",
      "url": "http://support.apple.com/kb/HT4225"
    }
  ]
}

CERTA-2010-AVI-147

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités découvertes dans iTunes peuvent être exploitées par un utilisateur malintentionné afin de compromettre le système ou d'entraver son bon fonctionnement.

Description

De multiples vulnérabilités ont été découvertes dans iTunes :

plusieurs erreurs dans les modules ColorSync et ImageIO peuvent conduire à une fuite de données ou de l'exécution de code arbitraire, notamment par le biais d'images spécialement conçues ;
un fichier MP4 importé spécialement conçu entraîne la création d'une boucle infinie dans iTunes, provoquant ainsi un déni de service à distance ;
une erreur dans le paquet d'installation d'iTunes pour Windows peut provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iTunes versions antérieures à 9.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4105 du 30 mars 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eApple iTunes versions ant\u00e9rieures \u00e0  9.1.\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans iTunes :\n\n-   plusieurs erreurs dans les modules ColorSync et ImageIO peuvent\n    conduire \u00e0 une fuite de donn\u00e9es ou de l\u0027ex\u00e9cution de code\n    arbitraire, notamment par le biais d\u0027images sp\u00e9cialement con\u00e7ues ;\n-   un fichier MP4 import\u00e9 sp\u00e9cialement con\u00e7u entra\u00eene la cr\u00e9ation d\u0027une\n    boucle infinie dans iTunes, provoquant ainsi un d\u00e9ni de service \u00e0\n    distance ;\n-   une erreur dans le paquet d\u0027installation d\u0027iTunes pour Windows peut\n    provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0043"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-0041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0041"
    },
    {
      "name": "CVE-2010-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0040"
    },
    {
      "name": "CVE-2009-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2285"
    },
    {
      "name": "CVE-2010-0531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0531"
    },
    {
      "name": "CVE-2010-0532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0532"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-147",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans iTunes peuvent \u00eatre exploit\u00e9es\npar un utilisateur malintentionn\u00e9 afin de compromettre le syst\u00e8me ou\nd\u0027entraver son bon fonctionnement.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iTunes",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4105 du 30 mars 2010",
      "url": "http://support.apple.com/kb/HT4105"
    }
  ]
}

CERTA-2010-AVI-120

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans Apple Safari ont été corrigées.

Description

Plusieurs vulnérabilités ont été corrigées dans Apple Safari. Leur exploitation permet notamment à une personne malintentionnée d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	Safari	Safari 4.x sur Apple MacOS X.
	Apple	Safari	Safari 4.x sur Microsoft Windows ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4070 du 11 mars 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari 4.x sur Apple MacOS X.",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari 4.x sur Microsoft Windows ;",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Apple Safari. Leur\nexploitation permet notamment \u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0046"
    },
    {
      "name": "CVE-2010-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0043"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-0044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0044"
    },
    {
      "name": "CVE-2010-0041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0041"
    },
    {
      "name": "CVE-2010-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0053"
    },
    {
      "name": "CVE-2010-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0050"
    },
    {
      "name": "CVE-2010-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0040"
    },
    {
      "name": "CVE-2010-0047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0047"
    },
    {
      "name": "CVE-2010-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0049"
    },
    {
      "name": "CVE-2010-0048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0048"
    },
    {
      "name": "CVE-2010-0045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0045"
    },
    {
      "name": "CVE-2010-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0051"
    },
    {
      "name": "CVE-2010-0052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0052"
    },
    {
      "name": "CVE-2009-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2285"
    },
    {
      "name": "CVE-2010-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0054"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-120",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Apple Safari ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Apple Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4070 du 11 mars 2010",
      "url": "http://support.apple.com/kb/HT4070"
    }
  ]
}

CERTA-2010-AVI-143

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Mac OS X.

Description

Plusieurs vulnérabilités ont été corrigées dans Mac OS X. Elles permettent entre autres l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	Mac OS X 10.5 ;
Apple	macOS	Mac OS X 10.6 ;
Apple	macOS	Mac OS X Server 10.5 ;
Apple	macOS	Mac OS X Server 10.6.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4077 du 29 mars 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.6.",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Elles\npermettent entre autres l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0511"
    },
    {
      "name": "CVE-2010-0509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0509"
    },
    {
      "name": "CVE-2010-0501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0501"
    },
    {
      "name": "CVE-2010-0065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0065"
    },
    {
      "name": "CVE-2010-0498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0498"
    },
    {
      "name": "CVE-2010-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0060"
    },
    {
      "name": "CVE-2008-7247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-7247"
    },
    {
      "name": "CVE-2003-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-0063"
    },
    {
      "name": "CVE-2010-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0043"
    },
    {
      "name": "CVE-2010-0522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0522"
    },
    {
      "name": "CVE-2010-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0063"
    },
    {
      "name": "CVE-2009-3559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3559"
    },
    {
      "name": "CVE-2009-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2901"
    },
    {
      "name": "CVE-2009-4142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4142"
    },
    {
      "name": "CVE-2009-3009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3009"
    },
    {
      "name": "CVE-2010-0059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0059"
    },
    {
      "name": "CVE-2010-0524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0524"
    },
    {
      "name": "CVE-2010-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0057"
    },
    {
      "name": "CVE-2009-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
    },
    {
      "name": "CVE-2010-0521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0521"
    },
    {
      "name": "CVE-2008-0564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0564"
    },
    {
      "name": "CVE-2010-0518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0518"
    },
    {
      "name": "CVE-2010-0513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0513"
    },
    {
      "name": "CVE-2009-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2417"
    },
    {
      "name": "CVE-2008-0888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0888"
    },
    {
      "name": "CVE-2009-3558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3558"
    },
    {
      "name": "CVE-2009-3095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
    },
    {
      "name": "CVE-2009-2902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
    },
    {
      "name": "CVE-2010-0517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0517"
    },
    {
      "name": "CVE-2010-0535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0535"
    },
    {
      "name": "CVE-2010-0393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0393"
    },
    {
      "name": "CVE-2009-3557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3557"
    },
    {
      "name": "CVE-2009-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-0534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0534"
    },
    {
      "name": "CVE-2010-0497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0497"
    },
    {
      "name": "CVE-2008-4456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4456"
    },
    {
      "name": "CVE-2009-4143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4143"
    },
    {
      "name": "CVE-2010-0058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0058"
    },
    {
      "name": "CVE-2010-0041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0041"
    },
    {
      "name": "CVE-2010-0508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0508"
    },
    {
      "name": "CVE-2010-0506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0506"
    },
    {
      "name": "CVE-2010-0533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0533"
    },
    {
      "name": "CVE-2010-0507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0507"
    },
    {
      "name": "CVE-2010-0504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0504"
    },
    {
      "name": "CVE-2009-0316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0316"
    },
    {
      "name": "CVE-2010-0526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0526"
    },
    {
      "name": "CVE-2010-0510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0510"
    },
    {
      "name": "CVE-2009-1904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1904"
    },
    {
      "name": "CVE-2010-0500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0500"
    },
    {
      "name": "CVE-2008-5302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5302"
    },
    {
      "name": "CVE-2009-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2042"
    },
    {
      "name": "CVE-2010-0064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0064"
    },
    {
      "name": "CVE-2009-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
    },
    {
      "name": "CVE-2009-2446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2446"
    },
    {
      "name": "CVE-2009-2801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2801"
    },
    {
      "name": "CVE-2010-0525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0525"
    },
    {
      "name": "CVE-2010-0516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0516"
    },
    {
      "name": "CVE-2010-0502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0502"
    },
    {
      "name": "CVE-2010-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0062"
    },
    {
      "name": "CVE-2008-2712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
    },
    {
      "name": "CVE-2009-2906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2906"
    },
    {
      "name": "CVE-2010-0505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0505"
    },
    {
      "name": "CVE-2008-5303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5303"
    },
    {
      "name": "CVE-2009-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
    },
    {
      "name": "CVE-2009-4214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4214"
    },
    {
      "name": "CVE-2009-0783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
    },
    {
      "name": "CVE-2009-0689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0689"
    },
    {
      "name": "CVE-2008-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
    },
    {
      "name": "CVE-2006-1329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1329"
    },
    {
      "name": "CVE-2010-0514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0514"
    },
    {
      "name": "CVE-2009-0037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0037"
    },
    {
      "name": "CVE-2010-0515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0515"
    },
    {
      "name": "CVE-2009-2422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2422"
    },
    {
      "name": "CVE-2010-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0056"
    },
    {
      "name": "CVE-2010-0512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0512"
    },
    {
      "name": "CVE-2009-2632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2632"
    },
    {
      "name": "CVE-2009-0688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0688"
    },
    {
      "name": "CVE-2008-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
    },
    {
      "name": "CVE-2010-0537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0537"
    },
    {
      "name": "CVE-2010-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0519"
    },
    {
      "name": "CVE-2010-0523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0523"
    },
    {
      "name": "CVE-2010-0520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0520"
    },
    {
      "name": "CVE-2010-0503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0503"
    },
    {
      "name": "CVE-2010-0055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0055"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-143",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4077 du 29 mars 2010",
      "url": "http://support.apple.com/kb/HT4077"
    }
  ]
}

CERTA-2010-AVI-120

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans Apple Safari ont été corrigées.

Description

Plusieurs vulnérabilités ont été corrigées dans Apple Safari. Leur exploitation permet notamment à une personne malintentionnée d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	Safari	Safari 4.x sur Apple MacOS X.
	Apple	Safari	Safari 4.x sur Microsoft Windows ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4070 du 11 mars 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari 4.x sur Apple MacOS X.",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari 4.x sur Microsoft Windows ;",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Apple Safari. Leur\nexploitation permet notamment \u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0046"
    },
    {
      "name": "CVE-2010-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0043"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-0044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0044"
    },
    {
      "name": "CVE-2010-0041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0041"
    },
    {
      "name": "CVE-2010-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0053"
    },
    {
      "name": "CVE-2010-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0050"
    },
    {
      "name": "CVE-2010-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0040"
    },
    {
      "name": "CVE-2010-0047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0047"
    },
    {
      "name": "CVE-2010-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0049"
    },
    {
      "name": "CVE-2010-0048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0048"
    },
    {
      "name": "CVE-2010-0045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0045"
    },
    {
      "name": "CVE-2010-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0051"
    },
    {
      "name": "CVE-2010-0052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0052"
    },
    {
      "name": "CVE-2009-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2285"
    },
    {
      "name": "CVE-2010-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0054"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-120",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Apple Safari ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Apple Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4070 du 11 mars 2010",
      "url": "http://support.apple.com/kb/HT4070"
    }
  ]
}

CERTA-2010-AVI-280

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Apple iOS.

Description

Plusieurs vulnérabilités, dont certaines permettent l'exécution de code arbitraire à distance, ont été corrigées dans le système d'exploitation Apple iOS.

Solution

Mettre à jour en version iOS 4.0.

Apple iOS 3.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4225 du 21 juin 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple iOS 3.x.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s, dont certaines permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance, ont \u00e9t\u00e9 corrig\u00e9es dans le syst\u00e8me d\u0027exploitation\nApple iOS.\n\n## Solution\n\nMettre \u00e0 jour en version iOS 4.0.\n",
  "cves": [
    {
      "name": "CVE-2010-1408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1408"
    },
    {
      "name": "CVE-2010-1407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1407"
    },
    {
      "name": "CVE-2010-0046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0046"
    },
    {
      "name": "CVE-2009-2195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2195"
    },
    {
      "name": "CVE-2010-1751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1751"
    },
    {
      "name": "CVE-2009-1723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1723"
    },
    {
      "name": "CVE-2010-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1387"
    },
    {
      "name": "CVE-2010-1769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1769"
    },
    {
      "name": "CVE-2010-1390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1390"
    },
    {
      "name": "CVE-2010-1418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1418"
    },
    {
      "name": "CVE-2010-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0043"
    },
    {
      "name": "CVE-2010-1403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1403"
    },
    {
      "name": "CVE-2010-1402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1402"
    },
    {
      "name": "CVE-2010-1414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1414"
    },
    {
      "name": "CVE-2010-1400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1400"
    },
    {
      "name": "CVE-2010-1752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1752"
    },
    {
      "name": "CVE-2010-1753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1753"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1774"
    },
    {
      "name": "CVE-2010-1391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1391"
    },
    {
      "name": "CVE-2010-1396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1396"
    },
    {
      "name": "CVE-2010-1398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1398"
    },
    {
      "name": "CVE-2010-1761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1761"
    },
    {
      "name": "CVE-2010-0041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0041"
    },
    {
      "name": "CVE-2010-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1762"
    },
    {
      "name": "CVE-2010-1399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1399"
    },
    {
      "name": "CVE-2010-1410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1410"
    },
    {
      "name": "CVE-2010-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0053"
    },
    {
      "name": "CVE-2010-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0050"
    },
    {
      "name": "CVE-2010-0544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0544"
    },
    {
      "name": "CVE-2010-1416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1416"
    },
    {
      "name": "CVE-2010-1409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1409"
    },
    {
      "name": "CVE-2010-0047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0047"
    },
    {
      "name": "CVE-2010-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0049"
    },
    {
      "name": "CVE-2010-1394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1394"
    },
    {
      "name": "CVE-2010-1405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1405"
    },
    {
      "name": "CVE-2010-1756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1756"
    },
    {
      "name": "CVE-2010-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0051"
    },
    {
      "name": "CVE-2010-1395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1395"
    },
    {
      "name": "CVE-2010-1757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1757"
    },
    {
      "name": "CVE-2010-1404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1404"
    },
    {
      "name": "CVE-2010-0052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0052"
    },
    {
      "name": "CVE-2010-1758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1758"
    },
    {
      "name": "CVE-2009-0689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0689"
    },
    {
      "name": "CVE-2010-1406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1406"
    },
    {
      "name": "CVE-2010-1755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1755"
    },
    {
      "name": "CVE-2010-1413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1413"
    },
    {
      "name": "CVE-2010-1397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1397"
    },
    {
      "name": "CVE-2010-1415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1415"
    },
    {
      "name": "CVE-2010-1393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1393"
    },
    {
      "name": "CVE-2010-1401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1401"
    },
    {
      "name": "CVE-2010-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1775"
    },
    {
      "name": "CVE-2010-1754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1754"
    },
    {
      "name": "CVE-2009-2816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2816"
    },
    {
      "name": "CVE-2010-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0054"
    },
    {
      "name": "CVE-2010-1759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1759"
    },
    {
      "name": "CVE-2010-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1389"
    },
    {
      "name": "CVE-2010-1417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1417"
    },
    {
      "name": "CVE-2010-1392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1392"
    },
    {
      "name": "CVE-2010-1119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1119"
    },
    {
      "name": "CVE-2010-1384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1384"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-280",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-06-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Apple iOS.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4225 du 21 juin 2010",
      "url": "http://support.apple.com/kb/HT4225"
    }
  ]
}

FKIE_CVE-2010-0043

Vulnerability from fkie_nvd - Published: 2010-03-15 13:28 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
product-security@apple.com	http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
product-security@apple.com	http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
product-security@apple.com	http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html	Vendor Advisory
product-security@apple.com	http://secunia.com/advisories/39135
product-security@apple.com	http://support.apple.com/kb/HT4070	Vendor Advisory
product-security@apple.com	http://support.apple.com/kb/HT4077
product-security@apple.com	http://support.apple.com/kb/HT4105
product-security@apple.com	http://support.apple.com/kb/HT4225
product-security@apple.com	http://www.securityfocus.com/bid/38671	Patch
product-security@apple.com	http://www.securityfocus.com/bid/38673	Patch
product-security@apple.com	http://www.securitytracker.com/id?1023706
product-security@apple.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6901
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39135
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4070	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4077
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4105
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4225
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/38671	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/38673	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1023706
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6901

Impacted products

Vendor	Product	Version
apple	safari	*
apple	safari	4.0
apple	safari	4.0.0b
apple	safari	4.0.1
apple	safari	4.0.2
apple	safari	4.0.3
microsoft	windows	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1816CD6-0159-4684-A54D-94866D3FE570",
              "versionEndIncluding": "4.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "02EAC196-AE43-4787-9AF9-E79E2E1BBA46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2FD40E4-D4C9-492E-8432-ABC9BD2C7E67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "36EA71E0-63F7-46FF-AF11-792741F27628",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E36485-565D-4FAA-A6AD-57DF42D47462",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image."
    },
    {
      "lang": "es",
      "value": "ImageIO en Apple Safari en versiones anteriores a la v4.0.5 en Windows permite a usuarios remotos ejecutar comandos de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una imagen TIFF modificada."
    }
  ],
  "evaluatorComment": "Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\r\n\r\n\r\n\u0027ImageIO\r\nCVE-ID:  CVE-2010-0043\r\nAvailable for:  Windows 7, Vista, XP\r\nImpact:  Processing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription:  A memory corruption issue exists in the handling of\r\nTIFF images. Processing a maliciously crafted TIFF image may lead to\r\nan unexpected application termination or arbitrary code execution.\r\nThis issue is addressed through improved memory handling. Credit to\r\nGus Mueller of Flying Meat for reporting this issue.\u0027",
  "evaluatorSolution": "Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\r\n\r\n\u0027Safari 4.0.5 is available via the Apple Software Update application,\r\nor Apple\u0027s Safari download site at:\r\nhttp://www.apple.com/safari/download/\u0027",
  "id": "CVE-2010-0043",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-03-15T13:28:25.433",
  "references": [
    {
      "source": "product-security@apple.com",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://secunia.com/advisories/39135"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4070"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://support.apple.com/kb/HT4105"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://support.apple.com/kb/HT4225"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/38671"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/38673"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id?1023706"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/38671"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/38673"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1023706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6901"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2010-0043

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-0043

Aliases

CVE-2010-0043

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-0043",
    "description": "ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.",
    "id": "GSD-2010-0043"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-0043"
      ],
      "details": "ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.",
      "id": "GSD-2010-0043",
      "modified": "2023-12-13T01:21:29.287877Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2010-0043",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2010-03-11-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
          },
          {
            "name": "http://support.apple.com/kb/HT4225",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4225"
          },
          {
            "name": "1023706",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1023706"
          },
          {
            "name": "39135",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/39135"
          },
          {
            "name": "APPLE-SA-2010-03-29-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
          },
          {
            "name": "http://support.apple.com/kb/HT4105",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4105"
          },
          {
            "name": "http://support.apple.com/kb/HT4070",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4070"
          },
          {
            "name": "oval:org.mitre.oval:def:6901",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6901"
          },
          {
            "name": "38673",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/38673"
          },
          {
            "name": "http://support.apple.com/kb/HT4077",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4077"
          },
          {
            "name": "APPLE-SA-2010-03-30-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
          },
          {
            "name": "APPLE-SA-2010-06-21-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
          },
          {
            "name": "38671",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/38671"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.0.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-0043"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2010-03-11-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
            },
            {
              "name": "38671",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/38671"
            },
            {
              "name": "http://support.apple.com/kb/HT4070",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT4070"
            },
            {
              "name": "38673",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/38673"
            },
            {
              "name": "APPLE-SA-2010-03-29-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4077",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4077"
            },
            {
              "name": "APPLE-SA-2010-03-30-2",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
            },
            {
              "name": "39135",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/39135"
            },
            {
              "name": "1023706",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1023706"
            },
            {
              "name": "http://support.apple.com/kb/HT4225",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4225"
            },
            {
              "name": "APPLE-SA-2010-06-21-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4105",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4105"
            },
            {
              "name": "oval:org.mitre.oval:def:6901",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6901"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-19T01:30Z",
      "publishedDate": "2010-03-15T13:28Z"
    }
  }
}

GHSA-XFR4-984J-RH45

Vulnerability from github – Published: 2022-05-02 06:09 – Updated: 2022-05-02 06:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-0043"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-03-15T13:28:00Z",
    "severity": "HIGH"
  },
  "details": "ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.",
  "id": "GHSA-xfr4-984j-rh45",
  "modified": "2022-05-02T06:09:48Z",
  "published": "2022-05-02T06:09:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0043"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6901"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39135"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4070"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4105"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4225"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/38671"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/38673"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1023706"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201003-1061

Vulnerability from variot - Updated: 2023-12-18 11:27

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. Safari is prone to a remote code-execution vulnerability because it fails to properly handle crafted TIFF images. Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attacks will result in a denial-of-service condition. Versions prior to Safari 4.0.5 running on Microsoft Windows 7, XP, and Vista are vulnerable. This issue was previously documented in BID 38671 (Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities) but has been given its own record to better document it. ----------------------------------------------------------------------

Secunia CSI + Microsoft SCCM

= Extensive Patch Management

http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

TITLE: Apple iTunes Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA39135

VERIFY ADVISORY: http://secunia.com/advisories/39135/

DESCRIPTION: Some vulnerabilities have been reported in Apple iTunes, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or compromise a user's system.

For more information see vulnerabilities #1 through #4 and #9 in: SA38932

2) An error when processing MP4 files can be exploited to trigger the execution of an infinite loop and render the application unusable after its restart via e.g. a specially crafted podcast.

3) During installation iTunes for Windows installs and executes certain files in a directory in the ""%ALLUSERSPROFILE%\Application Data\" path. As standard permissions allows any user to write files to the path, this can be exploited to either create malicious files with specific names before installation or malicious libraries after installation, allowing execution of arbitrary code with SYSTEM privileges.

The vulnerabilities are reported in versions prior to 9.1.

SOLUTION: Update to version 9.1.

PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Sojeong Hong, Sourcefire VRT 3) Jason Geffner, NGSSoftware

CHANGELOG: 2010-03-31: Added additional information provided by NGSSoftware.

ORIGINAL ADVISORY: http://support.apple.com/kb/HT4105

OTHER REFERENCES: SA38932: http://secunia.com/advisories/38932/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201003-1061",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "4.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.0.0b"
      },
      {
        "model": "safari",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6 to  v10.6.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6 to  v10.6.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.0 to  3.1.3"
      },
      {
        "model": "ios for ipod touch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.1 to  3.1.3"
      },
      {
        "model": "iphone",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "ipod touch",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "4.0.5"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "4.0.3"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari for windows",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "apple",
        "version": "4.0.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1.8"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.2.20"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "itunes",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.5"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "38673"
      },
      {
        "db": "BID",
        "id": "38671"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001183"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0043"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-182"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.0.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-0043"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Matthew Jurczyk Billy Rios Robert Swiecki robert@swiecki.net wushi wooshi@gmail.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-182"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2010-0043",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2010-0043",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-42648",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-0043",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201003-182",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-42648",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42648"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001183"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0043"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-182"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. Safari is prone to a remote code-execution vulnerability because it fails to properly handle crafted TIFF images. \nAttackers may exploit this issue to execute arbitrary code in the context of the application. Failed attacks will result in a denial-of-service condition. \nVersions prior to Safari 4.0.5 running on Microsoft Windows 7, XP, and Vista are vulnerable. \nThis issue was previously documented in BID 38671 (Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities) but has been given its own record to better document it. ----------------------------------------------------------------------\n\n\n  Secunia CSI\n+ Microsoft SCCM\n-----------------------\n= Extensive Patch Management\n\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nApple iTunes Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA39135\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/39135/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple iTunes, which can be\nexploited by malicious, local users to gain escalated privileges and\nby malicious people to disclose sensitive information, cause a DoS\n(Denial of Service), or compromise a user\u0027s system. \n\nFor more information see vulnerabilities #1 through #4 and #9 in:\nSA38932\n\n2) An error when processing MP4 files can be exploited to trigger the\nexecution of an infinite loop and render the application unusable\nafter its restart via e.g. a specially crafted podcast. \n\n3) During installation iTunes for Windows installs and executes\ncertain files in a directory in the \"\"%ALLUSERSPROFILE%\\Application\nData\\\" path. As standard permissions allows any user to write files\nto the path, this can be exploited to either create malicious files\nwith specific names before installation or malicious libraries after\ninstallation, allowing execution of arbitrary code with SYSTEM\nprivileges. \n\nThe vulnerabilities are reported in versions prior to 9.1. \n\nSOLUTION:\nUpdate to version 9.1. \n\nPROVIDED AND/OR DISCOVERED BY:\n2) The vendor credits Sojeong Hong, Sourcefire VRT\n3) Jason Geffner, NGSSoftware\n\nCHANGELOG:\n2010-03-31: Added additional information provided by NGSSoftware. \n\nORIGINAL ADVISORY:\nhttp://support.apple.com/kb/HT4105\n\nOTHER REFERENCES:\nSA38932:\nhttp://secunia.com/advisories/38932/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-0043"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001183"
      },
      {
        "db": "BID",
        "id": "38673"
      },
      {
        "db": "BID",
        "id": "38671"
      },
      {
        "db": "VULHUB",
        "id": "VHN-42648"
      },
      {
        "db": "PACKETSTORM",
        "id": "87984"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-0043",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "38673",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "38671",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "39135",
        "trust": 1.2
      },
      {
        "db": "SECTRACK",
        "id": "1023706",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001183",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-182",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2010-03-11-1",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "14628",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-42648",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "87984",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42648"
      },
      {
        "db": "BID",
        "id": "38673"
      },
      {
        "db": "BID",
        "id": "38671"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001183"
      },
      {
        "db": "PACKETSTORM",
        "id": "87984"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0043"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-182"
      }
    ]
  },
  "id": "VAR-201003-1061",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42648"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:27:23.661000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4070",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4070"
      },
      {
        "title": "HT4077",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4077"
      },
      {
        "title": "HT4105",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4105"
      },
      {
        "title": "HT4225",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4225"
      },
      {
        "title": "HT4070",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4070?viewlocale=ja_jp"
      },
      {
        "title": "HT4077",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4077?viewlocale=ja_jp"
      },
      {
        "title": "HT4105",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4105?viewlocale=ja_jp"
      },
      {
        "title": "HT4225",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4225?viewlocale=ja_jp"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001183"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42648"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001183"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0043"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/38673"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2010/mar/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/38671"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht4070"
      },
      {
        "trust": 1.2,
        "url": "http://support.apple.com/kb/ht4105"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2010//mar/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2010/jun/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4077"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4225"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6901"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023706"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39135"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0043"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0043"
      },
      {
        "trust": 0.6,
        "url": "http://www.apple.com/safari/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/14628"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/38932/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/39135/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42648"
      },
      {
        "db": "BID",
        "id": "38673"
      },
      {
        "db": "BID",
        "id": "38671"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001183"
      },
      {
        "db": "PACKETSTORM",
        "id": "87984"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0043"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-182"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-42648"
      },
      {
        "db": "BID",
        "id": "38673"
      },
      {
        "db": "BID",
        "id": "38671"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001183"
      },
      {
        "db": "PACKETSTORM",
        "id": "87984"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0043"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-182"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-03-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-42648"
      },
      {
        "date": "2010-03-11T00:00:00",
        "db": "BID",
        "id": "38673"
      },
      {
        "date": "2010-03-11T00:00:00",
        "db": "BID",
        "id": "38671"
      },
      {
        "date": "2010-03-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001183"
      },
      {
        "date": "2010-04-02T16:05:17",
        "db": "PACKETSTORM",
        "id": "87984"
      },
      {
        "date": "2010-03-15T13:28:25.433000",
        "db": "NVD",
        "id": "CVE-2010-0043"
      },
      {
        "date": "2010-03-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201003-182"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-42648"
      },
      {
        "date": "2010-06-21T22:28:00",
        "db": "BID",
        "id": "38673"
      },
      {
        "date": "2010-03-12T15:32:00",
        "db": "BID",
        "id": "38671"
      },
      {
        "date": "2010-07-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001183"
      },
      {
        "date": "2017-09-19T01:30:11.453000",
        "db": "NVD",
        "id": "CVE-2010-0043"
      },
      {
        "date": "2011-07-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201003-182"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "38673"
      },
      {
        "db": "BID",
        "id": "38671"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari of  ImageIO Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001183"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-182"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-0043 (GCVE-0-2010-0043)

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Tags

Sightings

Nomenclature