cvelistv5 - cve-2009-0010

CVE-2009-0010 (GCVE-0-2009-0010)

Vulnerability from cvelistv5 – Published: 2009-05-13 15:14 – Updated: 2024-08-07 04:17

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.zerodayinitiative.com/advisories/ZDI-09-021/	x_refsource_MISC
	http://secunia.com/advisories/35091	third-party-advisoryx_refsource_SECUNIA
	http://support.apple.com/kb/HT3549	x_refsource_CONFIRM
	http://support.apple.com/kb/HT3591	x_refsource_CONFIRM
	http://secunia.com/advisories/35074	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/1407	vdb-entryx_refsource_VUPEN
	http://www.securitytracker.com/id?1022209	vdb-entryx_refsource_SECTRACK
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.securityfocus.com/archive/1/503878/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/exploits/Apple_QuickTime_PIC…	x_refsource_MISC
	http://www.zerodayinitiative.com/advisories/ZDI-09-021	x_refsource_MISC
	http://www.securityfocus.com/bid/34926	vdb-entryx_refsource_BID
	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	third-party-advisoryx_refsource_CERT
	http://www.securityfocus.com/bid/34938	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2009/1297	vdb-entryx_refsource_VUPEN
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:17:10.459Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-021/"
          },
          {
            "name": "35091",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35091"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3549"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3591"
          },
          {
            "name": "35074",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35074"
          },
          {
            "name": "ADV-2009-1407",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1407"
          },
          {
            "name": "1022209",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022209"
          },
          {
            "name": "APPLE-SA-2009-05-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
          },
          {
            "name": "20090527 ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/503878/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-021"
          },
          {
            "name": "34926",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34926"
          },
          {
            "name": "TA09-133A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
          },
          {
            "name": "34938",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34938"
          },
          {
            "name": "ADV-2009-1297",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1297"
          },
          {
            "name": "APPLE-SA-2009-06-01-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-021/"
        },
        {
          "name": "35091",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35091"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3549"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3591"
        },
        {
          "name": "35074",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35074"
        },
        {
          "name": "ADV-2009-1407",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1407"
        },
        {
          "name": "1022209",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022209"
        },
        {
          "name": "APPLE-SA-2009-05-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
        },
        {
          "name": "20090527 ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/503878/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-021"
        },
        {
          "name": "34926",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34926"
        },
        {
          "name": "TA09-133A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
        },
        {
          "name": "34938",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34938"
        },
        {
          "name": "ADV-2009-1297",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1297"
        },
        {
          "name": "APPLE-SA-2009-06-01-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0010",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-021/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-021/"
            },
            {
              "name": "35091",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35091"
            },
            {
              "name": "http://support.apple.com/kb/HT3549",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3549"
            },
            {
              "name": "http://support.apple.com/kb/HT3591",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3591"
            },
            {
              "name": "35074",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35074"
            },
            {
              "name": "ADV-2009-1407",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1407"
            },
            {
              "name": "1022209",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022209"
            },
            {
              "name": "APPLE-SA-2009-05-12",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
            },
            {
              "name": "20090527 ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/503878/100/0/threaded"
            },
            {
              "name": "http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php",
              "refsource": "MISC",
              "url": "http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-021",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-021"
            },
            {
              "name": "34926",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34926"
            },
            {
              "name": "TA09-133A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
            },
            {
              "name": "34938",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34938"
            },
            {
              "name": "ADV-2009-1297",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1297"
            },
            {
              "name": "APPLE-SA-2009-06-01-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0010",
    "datePublished": "2009-05-13T15:14:00",
    "dateReserved": "2008-12-15T00:00:00",
    "dateUpdated": "2024-08-07T04:17:10.459Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6EE39585-CF3B-4493-96D8-B394544C7643\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2442D35-7484-43D8-9077-3FDF63104816\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC90AA12-DD17-4607-90CB-E342E83F20BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F3E721C-00CA-4D51-B542-F2BC5C0D65BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3267A41-1AE0-48B8-BD1F-DEC8A212851A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"855288F1-0242-4951-AB3F-B7AF13E21CF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10082781-B93E-4B84-94F2-FA9749B4D92B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE1EBF04-C440-4A6B-93F2-DC3A812728C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFB077A2-927B-43AF-BFD5-0E78648C9394\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D09D5933-A7D9-4A61-B863-CD8E7D5E67D8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20E8648C-5469-4280-A581-D4A9A41B7213\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7817232-BE3E-4655-8282-A979E5D40D3D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77E8D614-E1EE-42F1-9E55-EA54FB500621\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C73BED9E-29FB-4965-B38F-013FFE5A9170\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3B7DEC3-1C0B-4D13-98CD-CB7FAE7933B0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7723A9E8-1DE2-4C7D-81E6-4F79DCB09324\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EC681A4-6F58-4C7D-B4E0-FCC1BCBC534E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento inferior de entero en QuickDraw Manager en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar c\\u00f3digo arbitrario o causar una denegaci\\u00f3n de servicio (cuelgue de aplicacion) a trav\\u00e9s de una imagen PICT elaborada que desencadena un desbordamiento de b\\u00fafer basado en pila.\"}]",
      "id": "CVE-2009-0010",
      "lastModified": "2024-11-21T00:58:51.513",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2009-05-13T15:30:00.233",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35074\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/35091\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.apple.com/kb/HT3549\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT3591\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/503878/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/34926\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/34938\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1022209\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-133A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1297\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1407\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-021\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-021/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35074\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/35091\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT3549\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT3591\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/503878/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/34926\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/34938\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1022209\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-133A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1297\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1407\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-021\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-021/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-189\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0010\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-05-13T15:30:00.233\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento inferior de entero en QuickDraw Manager en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (cuelgue de aplicacion) a trav\u00e9s de una imagen PICT elaborada que desencadena un desbordamiento de b\u00fafer basado en pila.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EE39585-CF3B-4493-96D8-B394544C7643\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2442D35-7484-43D8-9077-3FDF63104816\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC90AA12-DD17-4607-90CB-E342E83F20BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F3E721C-00CA-4D51-B542-F2BC5C0D65BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3267A41-1AE0-48B8-BD1F-DEC8A212851A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"855288F1-0242-4951-AB3F-B7AF13E21CF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10082781-B93E-4B84-94F2-FA9749B4D92B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE1EBF04-C440-4A6B-93F2-DC3A812728C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFB077A2-927B-43AF-BFD5-0E78648C9394\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D09D5933-A7D9-4A61-B863-CD8E7D5E67D8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20E8648C-5469-4280-A581-D4A9A41B7213\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7817232-BE3E-4655-8282-A979E5D40D3D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E8D614-E1EE-42F1-9E55-EA54FB500621\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C73BED9E-29FB-4965-B38F-013FFE5A9170\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3B7DEC3-1C0B-4D13-98CD-CB7FAE7933B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7723A9E8-1DE2-4C7D-81E6-4F79DCB09324\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EC681A4-6F58-4C7D-B4E0-FCC1BCBC534E\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35074\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35091\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT3549\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3591\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/503878/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/34926\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/34938\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1022209\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-133A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1297\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1407\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-09-021\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-09-021/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35091\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3591\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/503878/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/34926\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/34938\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1022209\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-133A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1297\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1407\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-09-021\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-09-021/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-F2H2-4MGP-FCW2

Vulnerability from github – Published: 2022-05-02 03:12 – Updated: 2025-04-09 04:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0010"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-05-13T15:30:00Z",
    "severity": "HIGH"
  },
  "details": "Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.",
  "id": "GHSA-f2h2-4mgp-fcw2",
  "modified": "2025-04-09T04:09:46Z",
  "published": "2022-05-02T03:12:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0010"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35074"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35091"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3549"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3591"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/503878/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34926"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34938"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022209"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1297"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1407"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-021"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-AVI-186

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X. L'exploitation de certaines d'entre elles peut conduire à l'exécution de code arbitraire à distance sur le système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X. Elles touchent divers composants et services installés comme CFNetworks (manipulation des échanges HTTP), CoreGraphics (manipulation de fichiers PDF), Help Viewer (manipulation de l'URI help:), QuickDraw Manager (manipulation d'images PICT), Safari (manipulation de l'URI feed:), OpenSSL, PHP, WebKit, X11, etc.

L'exploitation de certaines de ces vulnérabilités peut conduire à l'exécution de code arbitraire à distance sur le système vulnérable.

Solution

Se référer au bulletin de sécurité 2009-002 de Apple pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Mac OS X Server version 10.4.11 ainsi que celles antérieures.
Apple	N/A	Mac OS X Server version 10.5.6 ainsi que celles antérieures ;
Apple	N/A	Mac OS X version 10.5.6 ainsi que celles antérieures ;
Apple	N/A	Mac OS X version 10.4.11 ainsi que celles antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité 2009-002 Apple du 12 mai 2009	None	vendor-advisory
Détails concernant la mise à jour de sécurité 2009-002 du 12 mai 2009 :	-	other
Bulletin de sécurité Apple 61798 du 12 mai 2009 :	-	other
Détails concernant la mise à jour de sécurité 2009-002 du 12 mai 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server version 10.4.11 ainsi que celles ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server version 10.5.6 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.5.6 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.4.11 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. Elles touchent divers composants et\nservices install\u00e9s comme CFNetworks (manipulation des \u00e9changes HTTP),\nCoreGraphics (manipulation de fichiers PDF), Help Viewer (manipulation\nde l\u0027URI help:), QuickDraw Manager (manipulation d\u0027images PICT), Safari\n(manipulation de l\u0027URI feed:), OpenSSL, PHP, WebKit, X11, etc.\n\nL\u0027exploitation de certaines de ces vuln\u00e9rabilit\u00e9s peut conduire \u00e0\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 2009-002 de Apple pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0160"
    },
    {
      "name": "CVE-2009-0147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0147"
    },
    {
      "name": "CVE-2008-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3652"
    },
    {
      "name": "CVE-2009-0846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0846"
    },
    {
      "name": "CVE-2008-5557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
    },
    {
      "name": "CVE-2009-0847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0847"
    },
    {
      "name": "CVE-2009-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0155"
    },
    {
      "name": "CVE-2008-3657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3657"
    },
    {
      "name": "CVE-2009-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0153"
    },
    {
      "name": "CVE-2008-1517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1517"
    },
    {
      "name": "CVE-2008-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2008-0456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0456"
    },
    {
      "name": "CVE-2009-0943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0943"
    },
    {
      "name": "CVE-2009-0157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0157"
    },
    {
      "name": "CVE-2008-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3651"
    },
    {
      "name": "CVE-2009-0010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0010"
    },
    {
      "name": "CVE-2009-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0040"
    },
    {
      "name": "CVE-2008-1382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1382"
    },
    {
      "name": "CVE-2004-1185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1185"
    },
    {
      "name": "CVE-2009-0148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0148"
    },
    {
      "name": "CVE-2008-2371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2371"
    },
    {
      "name": "CVE-2008-3658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3658"
    },
    {
      "name": "CVE-2008-3443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3443"
    },
    {
      "name": "CVE-2008-3659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3659"
    },
    {
      "name": "CVE-2009-0025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0025"
    },
    {
      "name": "CVE-2008-3863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3863"
    },
    {
      "name": "CVE-2008-2383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2383"
    },
    {
      "name": "CVE-2008-3530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3530"
    },
    {
      "name": "CVE-2009-0149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0149"
    },
    {
      "name": "CVE-2009-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0154"
    },
    {
      "name": "CVE-2008-3790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3790"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2008-2829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2829"
    },
    {
      "name": "CVE-2009-0165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0165"
    },
    {
      "name": "CVE-2009-0144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0144"
    },
    {
      "name": "CVE-2009-0162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0162"
    },
    {
      "name": "CVE-2008-3655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3655"
    },
    {
      "name": "CVE-2004-1186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1186"
    },
    {
      "name": "CVE-2008-2665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2665"
    },
    {
      "name": "CVE-2009-0114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0114"
    },
    {
      "name": "CVE-2008-2666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2666"
    },
    {
      "name": "CVE-2009-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0021"
    },
    {
      "name": "CVE-2009-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0519"
    },
    {
      "name": "CVE-2009-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0145"
    },
    {
      "name": "CVE-2008-3656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3656"
    },
    {
      "name": "CVE-2009-0146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0146"
    },
    {
      "name": "CVE-2009-0844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0844"
    },
    {
      "name": "CVE-2009-0942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0942"
    },
    {
      "name": "CVE-2009-0152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0152"
    },
    {
      "name": "CVE-2009-0156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0156"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2009-0150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0150"
    },
    {
      "name": "CVE-2008-4309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
    },
    {
      "name": "CVE-2007-2754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2754"
    },
    {
      "name": "CVE-2009-0845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0845"
    },
    {
      "name": "CVE-2009-0944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0944"
    },
    {
      "name": "CVE-2009-0164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0164"
    },
    {
      "name": "CVE-2009-0520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0520"
    },
    {
      "name": "CVE-2008-2939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2939"
    },
    {
      "name": "CVE-2009-0161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0161"
    },
    {
      "name": "CVE-2008-0158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0158"
    },
    {
      "name": "CVE-2004-1184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1184"
    },
    {
      "name": "CVE-2008-5077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5077"
    },
    {
      "name": "CVE-2006-0747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0747"
    },
    {
      "name": "CVE-2009-0945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0945"
    }
  ],
  "links": [
    {
      "title": "D\u00e9tails concernant la mise \u00e0 jour de s\u00e9curit\u00e9 2009-002 du    12 mai 2009\u00a0:",
      "url": "http://support.apple.com/kb/HT3397"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 61798 du 12 mai 2009 :",
      "url": "http://docs.info.apple.com/article.html?artnum=61798"
    },
    {
      "title": "D\u00e9tails concernant la mise \u00e0 jour de s\u00e9curit\u00e9 2009-002 du    12 mai 2009\u00a0:",
      "url": "http://support.apple.com/kb/HT3549"
    }
  ],
  "reference": "CERTA-2009-AVI-186",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. L\u0027exploitation de certaines d\u0027entre elles\npeut conduire \u00e0 l\u0027ex\u00e9cution de code arbitraire \u00e0 distance sur le syst\u00e8me\nvuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 2009-002 Apple du 12 mai 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-206

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans le lecteur multimédia Apple QuickTime. L'exploitation de celles-ci permet à une personne malveillante de perturber le service, voire d'exécuter du code arbitraire sur le système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le lecteur multimédia Apple QuickTime. Ce dernier ne manipulerait pas correctement certains formats de fichiers, comme les données vidéo de type Sorenson 3, les fichiers compressés par FLI/FLC, les images compressées par PSD ou aux formats PICT et JP2.

L'exploitation de ces vulnérabilités peut être réalisée avec des fichiers spécialement construits puis insérés dans des pages Web. Cela permet à une personne malveillante, à distance, de perturber le service, voire d'exécuter du code arbitraire sur le système vulnérable.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple QuickTime pour les versions antérieures à 7.6.2.

Les systèmes d'exploitation peuvent être indifféremment Apple Mac OS X ou Microsoft Windows.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3591 du 01 juin 2009	None	vendor-advisory
Note de sécurité Apple HT3591 du 01 juin 2009 :	-	other
Bulletin de sécurité Apple 106704 du 01 juin 2009 :	-	other
Note de sécurité Apple HT3520 du 01 juin 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eApple QuickTime pour les versions ant\u00e9rieures \u00e0 7.6.2.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eLes syst\u00e8mes d\u0027exploitation peuvent \u00eatre indiff\u00e9remment Apple  Mac OS X ou Microsoft Windows.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le lecteur multim\u00e9dia\nApple QuickTime. Ce dernier ne manipulerait pas correctement certains\nformats de fichiers, comme les donn\u00e9es vid\u00e9o de type Sorenson 3, les\nfichiers compress\u00e9s par FLI/FLC, les images compress\u00e9es par PSD ou aux\nformats PICT et JP2.\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut \u00eatre r\u00e9alis\u00e9e avec des\nfichiers sp\u00e9cialement construits puis ins\u00e9r\u00e9s dans des pages Web. Cela\npermet \u00e0 une personne malveillante, \u00e0 distance, de perturber le service,\nvoire d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0954"
    },
    {
      "name": "CVE-2009-0010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0010"
    },
    {
      "name": "CVE-2009-0957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0957"
    },
    {
      "name": "CVE-2009-0951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0951"
    },
    {
      "name": "CVE-2009-0955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0955"
    },
    {
      "name": "CVE-2009-0185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0185"
    },
    {
      "name": "CVE-2009-0188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0188"
    },
    {
      "name": "CVE-2009-0952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0952"
    },
    {
      "name": "CVE-2009-0956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0956"
    },
    {
      "name": "CVE-2009-0953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0953"
    }
  ],
  "links": [
    {
      "title": "Note de s\u00e9curit\u00e9 Apple HT3591 du 01 juin 2009\u00a0:",
      "url": "http://support.apple.com/kb/HT3591"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 106704 du 01 juin 2009 :",
      "url": "http://docs.info.apple.com/article.html?artnum=106704"
    },
    {
      "title": "Note de s\u00e9curit\u00e9 Apple HT3520 du 01 juin 2009\u00a0:",
      "url": "http://support.apple.com/kb/HT3520"
    }
  ],
  "reference": "CERTA-2009-AVI-206",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le lecteur multim\u00e9dia\nApple QuickTime. L\u0027exploitation de celles-ci permet \u00e0 une personne\nmalveillante de perturber le service, voire d\u0027ex\u00e9cuter du code\narbitraire sur le syst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple QuickTime",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3591 du 01 juin 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-186

Vulnerability from certfr_avis - Published: - Updated:

Description

L'exploitation de certaines de ces vulnérabilités peut conduire à l'exécution de code arbitraire à distance sur le système vulnérable.

Solution

Se référer au bulletin de sécurité 2009-002 de Apple pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Mac OS X Server version 10.4.11 ainsi que celles antérieures.
Apple	N/A	Mac OS X Server version 10.5.6 ainsi que celles antérieures ;
Apple	N/A	Mac OS X version 10.5.6 ainsi que celles antérieures ;
Apple	N/A	Mac OS X version 10.4.11 ainsi que celles antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité 2009-002 Apple du 12 mai 2009	None	vendor-advisory
Détails concernant la mise à jour de sécurité 2009-002 du 12 mai 2009 :	-	other
Bulletin de sécurité Apple 61798 du 12 mai 2009 :	-	other
Détails concernant la mise à jour de sécurité 2009-002 du 12 mai 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server version 10.4.11 ainsi que celles ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server version 10.5.6 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.5.6 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.4.11 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. Elles touchent divers composants et\nservices install\u00e9s comme CFNetworks (manipulation des \u00e9changes HTTP),\nCoreGraphics (manipulation de fichiers PDF), Help Viewer (manipulation\nde l\u0027URI help:), QuickDraw Manager (manipulation d\u0027images PICT), Safari\n(manipulation de l\u0027URI feed:), OpenSSL, PHP, WebKit, X11, etc.\n\nL\u0027exploitation de certaines de ces vuln\u00e9rabilit\u00e9s peut conduire \u00e0\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 2009-002 de Apple pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0160"
    },
    {
      "name": "CVE-2009-0147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0147"
    },
    {
      "name": "CVE-2008-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3652"
    },
    {
      "name": "CVE-2009-0846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0846"
    },
    {
      "name": "CVE-2008-5557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
    },
    {
      "name": "CVE-2009-0847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0847"
    },
    {
      "name": "CVE-2009-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0155"
    },
    {
      "name": "CVE-2008-3657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3657"
    },
    {
      "name": "CVE-2009-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0153"
    },
    {
      "name": "CVE-2008-1517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1517"
    },
    {
      "name": "CVE-2008-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2008-0456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0456"
    },
    {
      "name": "CVE-2009-0943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0943"
    },
    {
      "name": "CVE-2009-0157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0157"
    },
    {
      "name": "CVE-2008-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3651"
    },
    {
      "name": "CVE-2009-0010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0010"
    },
    {
      "name": "CVE-2009-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0040"
    },
    {
      "name": "CVE-2008-1382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1382"
    },
    {
      "name": "CVE-2004-1185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1185"
    },
    {
      "name": "CVE-2009-0148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0148"
    },
    {
      "name": "CVE-2008-2371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2371"
    },
    {
      "name": "CVE-2008-3658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3658"
    },
    {
      "name": "CVE-2008-3443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3443"
    },
    {
      "name": "CVE-2008-3659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3659"
    },
    {
      "name": "CVE-2009-0025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0025"
    },
    {
      "name": "CVE-2008-3863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3863"
    },
    {
      "name": "CVE-2008-2383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2383"
    },
    {
      "name": "CVE-2008-3530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3530"
    },
    {
      "name": "CVE-2009-0149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0149"
    },
    {
      "name": "CVE-2009-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0154"
    },
    {
      "name": "CVE-2008-3790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3790"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2008-2829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2829"
    },
    {
      "name": "CVE-2009-0165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0165"
    },
    {
      "name": "CVE-2009-0144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0144"
    },
    {
      "name": "CVE-2009-0162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0162"
    },
    {
      "name": "CVE-2008-3655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3655"
    },
    {
      "name": "CVE-2004-1186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1186"
    },
    {
      "name": "CVE-2008-2665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2665"
    },
    {
      "name": "CVE-2009-0114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0114"
    },
    {
      "name": "CVE-2008-2666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2666"
    },
    {
      "name": "CVE-2009-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0021"
    },
    {
      "name": "CVE-2009-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0519"
    },
    {
      "name": "CVE-2009-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0145"
    },
    {
      "name": "CVE-2008-3656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3656"
    },
    {
      "name": "CVE-2009-0146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0146"
    },
    {
      "name": "CVE-2009-0844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0844"
    },
    {
      "name": "CVE-2009-0942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0942"
    },
    {
      "name": "CVE-2009-0152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0152"
    },
    {
      "name": "CVE-2009-0156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0156"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2009-0150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0150"
    },
    {
      "name": "CVE-2008-4309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
    },
    {
      "name": "CVE-2007-2754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2754"
    },
    {
      "name": "CVE-2009-0845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0845"
    },
    {
      "name": "CVE-2009-0944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0944"
    },
    {
      "name": "CVE-2009-0164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0164"
    },
    {
      "name": "CVE-2009-0520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0520"
    },
    {
      "name": "CVE-2008-2939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2939"
    },
    {
      "name": "CVE-2009-0161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0161"
    },
    {
      "name": "CVE-2008-0158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0158"
    },
    {
      "name": "CVE-2004-1184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1184"
    },
    {
      "name": "CVE-2008-5077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5077"
    },
    {
      "name": "CVE-2006-0747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0747"
    },
    {
      "name": "CVE-2009-0945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0945"
    }
  ],
  "links": [
    {
      "title": "D\u00e9tails concernant la mise \u00e0 jour de s\u00e9curit\u00e9 2009-002 du    12 mai 2009\u00a0:",
      "url": "http://support.apple.com/kb/HT3397"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 61798 du 12 mai 2009 :",
      "url": "http://docs.info.apple.com/article.html?artnum=61798"
    },
    {
      "title": "D\u00e9tails concernant la mise \u00e0 jour de s\u00e9curit\u00e9 2009-002 du    12 mai 2009\u00a0:",
      "url": "http://support.apple.com/kb/HT3549"
    }
  ],
  "reference": "CERTA-2009-AVI-186",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. L\u0027exploitation de certaines d\u0027entre elles\npeut conduire \u00e0 l\u0027ex\u00e9cution de code arbitraire \u00e0 distance sur le syst\u00e8me\nvuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 2009-002 Apple du 12 mai 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-206

Vulnerability from certfr_avis - Published: - Updated:

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple QuickTime pour les versions antérieures à 7.6.2.

Les systèmes d'exploitation peuvent être indifféremment Apple Mac OS X ou Microsoft Windows.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3591 du 01 juin 2009	None	vendor-advisory
Note de sécurité Apple HT3591 du 01 juin 2009 :	-	other
Bulletin de sécurité Apple 106704 du 01 juin 2009 :	-	other
Note de sécurité Apple HT3520 du 01 juin 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eApple QuickTime pour les versions ant\u00e9rieures \u00e0 7.6.2.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eLes syst\u00e8mes d\u0027exploitation peuvent \u00eatre indiff\u00e9remment Apple  Mac OS X ou Microsoft Windows.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le lecteur multim\u00e9dia\nApple QuickTime. Ce dernier ne manipulerait pas correctement certains\nformats de fichiers, comme les donn\u00e9es vid\u00e9o de type Sorenson 3, les\nfichiers compress\u00e9s par FLI/FLC, les images compress\u00e9es par PSD ou aux\nformats PICT et JP2.\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut \u00eatre r\u00e9alis\u00e9e avec des\nfichiers sp\u00e9cialement construits puis ins\u00e9r\u00e9s dans des pages Web. Cela\npermet \u00e0 une personne malveillante, \u00e0 distance, de perturber le service,\nvoire d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0954"
    },
    {
      "name": "CVE-2009-0010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0010"
    },
    {
      "name": "CVE-2009-0957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0957"
    },
    {
      "name": "CVE-2009-0951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0951"
    },
    {
      "name": "CVE-2009-0955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0955"
    },
    {
      "name": "CVE-2009-0185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0185"
    },
    {
      "name": "CVE-2009-0188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0188"
    },
    {
      "name": "CVE-2009-0952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0952"
    },
    {
      "name": "CVE-2009-0956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0956"
    },
    {
      "name": "CVE-2009-0953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0953"
    }
  ],
  "links": [
    {
      "title": "Note de s\u00e9curit\u00e9 Apple HT3591 du 01 juin 2009\u00a0:",
      "url": "http://support.apple.com/kb/HT3591"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 106704 du 01 juin 2009 :",
      "url": "http://docs.info.apple.com/article.html?artnum=106704"
    },
    {
      "title": "Note de s\u00e9curit\u00e9 Apple HT3520 du 01 juin 2009\u00a0:",
      "url": "http://support.apple.com/kb/HT3520"
    }
  ],
  "reference": "CERTA-2009-AVI-206",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le lecteur multim\u00e9dia\nApple QuickTime. L\u0027exploitation de celles-ci permet \u00e0 une personne\nmalveillante de perturber le service, voire d\u0027ex\u00e9cuter du code\narbitraire sur le syst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple QuickTime",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3591 du 01 juin 2009",
      "url": null
    }
  ]
}

GSD-2009-0010

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0010

Aliases

CVE-2009-0010

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0010",
    "description": "Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.",
    "id": "GSD-2009-0010"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0010"
      ],
      "details": "Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.",
      "id": "GSD-2009-0010",
      "modified": "2023-12-13T01:19:44.428190Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-0010",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-021/",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-021/"
          },
          {
            "name": "35091",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35091"
          },
          {
            "name": "http://support.apple.com/kb/HT3549",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3549"
          },
          {
            "name": "http://support.apple.com/kb/HT3591",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3591"
          },
          {
            "name": "35074",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35074"
          },
          {
            "name": "ADV-2009-1407",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1407"
          },
          {
            "name": "1022209",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1022209"
          },
          {
            "name": "APPLE-SA-2009-05-12",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
          },
          {
            "name": "20090527 ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/503878/100/0/threaded"
          },
          {
            "name": "http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php",
            "refsource": "MISC",
            "url": "http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-021",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-021"
          },
          {
            "name": "34926",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/34926"
          },
          {
            "name": "TA09-133A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
          },
          {
            "name": "34938",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/34938"
          },
          {
            "name": "ADV-2009-1297",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1297"
          },
          {
            "name": "APPLE-SA-2009-06-01-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0010"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2009-05-12",
              "refsource": "APPLE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3549",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT3549"
            },
            {
              "name": "35074",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35074"
            },
            {
              "name": "34926",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/34926"
            },
            {
              "name": "34938",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/34938"
            },
            {
              "name": "1022209",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1022209"
            },
            {
              "name": "TA09-133A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
            },
            {
              "name": "ADV-2009-1297",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1297"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-021",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-021"
            },
            {
              "name": "APPLE-SA-2009-06-01-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3591",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3591"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-021/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-021/"
            },
            {
              "name": "ADV-2009-1407",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1407"
            },
            {
              "name": "35091",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35091"
            },
            {
              "name": "http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php"
            },
            {
              "name": "20090527 ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/503878/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-11T20:58Z",
      "publishedDate": "2009-05-13T15:30Z"
    }
  }
}

VAR-200905-0043

Vulnerability from variot - Updated: 2024-07-23 22:06

Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow. While processing data for opcode 0x71 QuickTime trusts a value contained in the file and makes an allocation accordingly. By providing a malicious value this buffer can be undersized and subsequently can be overflowed leading to arbitrary code execution under the context of the user running QuickTime. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists when the application parses a malformed .PICT image. While decoding a tag 0x77 in the image, the application misuses a 16-bit length when allocating tag data. When copying tag data into this buffer, a heap overflow occurs. This can lead to code execution under the context of the current user. The QuickDraw component of Apple Mac OS X is prone to a memory-corruption vulnerability. An attacker can exploit this issue by tricking a victim into opening a specially crafted PICT image file. A successful exploit will allow arbitrary attacker-supplied code to run in the context of the victim running the affected application. NOTE: This issue was previously covered in BID 34926 (Apple Mac OS X 2009-002 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. The way PICT graphics are handled has an integer underflow that can lead to a heap overflow, and opening a malicious PICT graphic could lead to unexpected application termination or arbitrary code execution. ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-021 May 13, 2009

-- CVE ID: CVE-2009-0010

-- Affected Vendors: Apple

-- Affected Products: Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 8048.

-- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at:

http://support.apple.com/kb/HT3549

-- Disclosure Timeline: 2009-04-15 - Vulnerability reported to vendor 2009-05-13 - Coordinated public release of advisory

-- Credit: This vulnerability was discovered by: * Damian Put, Sebastian Apelt

-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200905-0043",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.11"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5.6"
      },
      {
        "model": "quicktime",
        "scope": null,
        "trust": 1.4,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.11"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5 to  v10.5.6"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.11"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5 to  v10.5.6"
      },
      {
        "model": "quicktime",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.6.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.7"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.7"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.5.6"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.5.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.5.4"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.5.0"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.4.11"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.5.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.5"
      },
      {
        "model": "quicktime player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1.70"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.6"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.5.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-09-030"
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-021"
      },
      {
        "db": "BID",
        "id": "34937"
      },
      {
        "db": "BID",
        "id": "34938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001331"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200905-163"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0010"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0010"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sebastian Apelt (sebastian.apelt@siberas.de)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-09-030"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2009-0010",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2009-0010",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-37456",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-0010",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200905-163",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-37456",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37456"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001331"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200905-163"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0010"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow. While processing data for opcode 0x71 QuickTime trusts a value contained in the file and makes an allocation accordingly. By providing a malicious value this buffer can be undersized and subsequently can be overflowed leading to arbitrary code execution under the context of the user running QuickTime. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists when the application parses a malformed .PICT image. While decoding a tag 0x77 in the image, the application misuses a 16-bit length when allocating tag data. When copying tag data into this buffer, a heap overflow occurs. This can lead to code execution under the context of the current user. The QuickDraw component of Apple Mac OS X is prone to a memory-corruption vulnerability. \nAn attacker can exploit this issue by tricking a victim into opening a specially crafted PICT image file. A successful exploit will allow arbitrary attacker-supplied code to run in the context of the victim running the affected application. \nNOTE: This issue was previously covered in BID 34926 (Apple Mac OS X 2009-002 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. The way PICT graphics are handled has an integer underflow that can lead to a heap overflow, and opening a malicious PICT graphic could lead to unexpected application termination or arbitrary code execution. ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-021\nMay 13, 2009\n\n-- CVE ID:\nCVE-2009-0010\n\n-- Affected Vendors:\nApple\n\n-- Affected Products:\nApple Quicktime\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability by Digital Vaccine protection filter ID 8048. \n\n\n-- Vendor Response:\nApple has issued an update to correct this vulnerability. More\ndetails can be found at:\n\nhttp://support.apple.com/kb/HT3549\n\n-- Disclosure Timeline:\n2009-04-15 - Vulnerability reported to vendor\n2009-05-13 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by:\n    * Damian Put, Sebastian Apelt\n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n    http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n    http://www.zerodayinitiative.com/advisories/disclosure_policy/\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001331"
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-030"
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-021"
      },
      {
        "db": "BID",
        "id": "34937"
      },
      {
        "db": "BID",
        "id": "34938"
      },
      {
        "db": "VULHUB",
        "id": "VHN-37456"
      },
      {
        "db": "PACKETSTORM",
        "id": "77915"
      },
      {
        "db": "PACKETSTORM",
        "id": "78025"
      }
    ],
    "trust": 3.69
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-37456",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37456"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-0010",
        "trust": 4.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-021",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "34938",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "35074",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "35091",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1297",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1407",
        "trust": 2.5
      },
      {
        "db": "USCERT",
        "id": "TA09-133A",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1022209",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "34926",
        "trust": 1.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-030",
        "trust": 1.1
      },
      {
        "db": "USCERT",
        "id": "SA09-133A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001331",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-413",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-470",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200905-163",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2009-05-12",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2009-06-01-1",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20090527 ZDI-09-021: APPLE QUICKTIME PICT UNSPECIFIED TAG HEAP OVERFLOW VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "TA09-133A",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "34937",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "78025",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "77915",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-37456",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-09-030"
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-021"
      },
      {
        "db": "VULHUB",
        "id": "VHN-37456"
      },
      {
        "db": "BID",
        "id": "34937"
      },
      {
        "db": "BID",
        "id": "34938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001331"
      },
      {
        "db": "PACKETSTORM",
        "id": "77915"
      },
      {
        "db": "PACKETSTORM",
        "id": "78025"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200905-163"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0010"
      }
    ]
  },
  "id": "VAR-200905-0043",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37456"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T22:06:10.145000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT3591",
        "trust": 1.5,
        "url": "http://support.apple.com/kb/ht3591"
      },
      {
        "title": "HT3549",
        "trust": 1.5,
        "url": "http://support.apple.com/kb/ht3549"
      },
      {
        "title": "HT3591",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht3591?viewlocale=ja_jp"
      },
      {
        "title": "HT3549",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht3549?viewlocale=ja_jp"
      },
      {
        "title": "TA09-133A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-133a.html"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-09-030"
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-021"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001331"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-189",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37456"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001331"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0010"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://support.apple.com/kb/ht3591"
      },
      {
        "trust": 2.5,
        "url": "http://support.apple.com/kb/ht3549"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/34938"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-133a.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.securitytracker.com/id?1022209"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/35074"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/35091"
      },
      {
        "trust": 2.5,
        "url": "http://www.vupen.com/english/advisories/2009/1297"
      },
      {
        "trust": 2.5,
        "url": "http://www.vupen.com/english/advisories/2009/1407"
      },
      {
        "trust": 2.0,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-09-021/"
      },
      {
        "trust": 1.8,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-09-021"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2009/may/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/34926"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/exploits/apple_quicktime_pict_poly_tag_parsing_heap_overflow_poc_exploit_1407144.php"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/503878/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0010"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta09-133a/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/jvntr-2009-12"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0010"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa09-133a.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/503878/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/503878"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-09-030/"
      },
      {
        "trust": 0.2,
        "url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0010"
      },
      {
        "trust": 0.2,
        "url": "http://www.tippingpoint.com"
      },
      {
        "trust": 0.2,
        "url": "http://www.zerodayinitiative.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-09-030"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-09-030"
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-021"
      },
      {
        "db": "VULHUB",
        "id": "VHN-37456"
      },
      {
        "db": "BID",
        "id": "34937"
      },
      {
        "db": "BID",
        "id": "34938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001331"
      },
      {
        "db": "PACKETSTORM",
        "id": "77915"
      },
      {
        "db": "PACKETSTORM",
        "id": "78025"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200905-163"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0010"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-09-030"
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-021"
      },
      {
        "db": "VULHUB",
        "id": "VHN-37456"
      },
      {
        "db": "BID",
        "id": "34937"
      },
      {
        "db": "BID",
        "id": "34938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001331"
      },
      {
        "db": "PACKETSTORM",
        "id": "77915"
      },
      {
        "db": "PACKETSTORM",
        "id": "78025"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200905-163"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0010"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-06-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-09-030"
      },
      {
        "date": "2009-05-13T00:00:00",
        "db": "ZDI",
        "id": "ZDI-09-021"
      },
      {
        "date": "2009-05-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-37456"
      },
      {
        "date": "2009-05-12T00:00:00",
        "db": "BID",
        "id": "34937"
      },
      {
        "date": "2009-05-12T00:00:00",
        "db": "BID",
        "id": "34938"
      },
      {
        "date": "2009-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001331"
      },
      {
        "date": "2009-05-29T00:23:10",
        "db": "PACKETSTORM",
        "id": "77915"
      },
      {
        "date": "2009-06-03T03:52:59",
        "db": "PACKETSTORM",
        "id": "78025"
      },
      {
        "date": "2009-02-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200905-163"
      },
      {
        "date": "2009-05-13T15:30:00.233000",
        "db": "NVD",
        "id": "CVE-2009-0010"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-06-02T00:00:00",
        "db": "ZDI",
        "id": "ZDI-09-030"
      },
      {
        "date": "2009-05-13T00:00:00",
        "db": "ZDI",
        "id": "ZDI-09-021"
      },
      {
        "date": "2018-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-37456"
      },
      {
        "date": "2015-05-07T18:19:00",
        "db": "BID",
        "id": "34937"
      },
      {
        "date": "2009-06-11T22:09:00",
        "db": "BID",
        "id": "34938"
      },
      {
        "date": "2009-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001331"
      },
      {
        "date": "2009-06-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200905-163"
      },
      {
        "date": "2018-10-11T20:58:40.320000",
        "db": "NVD",
        "id": "CVE-2009-0010"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "77915"
      },
      {
        "db": "PACKETSTORM",
        "id": "78025"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200905-163"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Mac OS X of  QuickDraw Manager and  Apple QuickTime Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001331"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200905-163"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2009-0010

Vulnerability from fkie_nvd - Published: 2009-05-13 15:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html
cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/May/msg00002.html	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/35074
cve@mitre.org	http://secunia.com/advisories/35091
cve@mitre.org	http://support.apple.com/kb/HT3549	Patch, Vendor Advisory
cve@mitre.org	http://support.apple.com/kb/HT3591
cve@mitre.org	http://www.securityfocus.com/archive/1/503878/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/34926
cve@mitre.org	http://www.securityfocus.com/bid/34938
cve@mitre.org	http://www.securitytracker.com/id?1022209
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1297
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1407
cve@mitre.org	http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-09-021
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-09-021/
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/May/msg00002.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35074
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35091
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3549	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3591
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/503878/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34926
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34938
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022209
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1297
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1407
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-09-021
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-09-021/

Impacted products

Vendor	Product	Version
apple	mac_os_x	10.4.11
apple	mac_os_x	10.5
apple	mac_os_x	10.5.0
apple	mac_os_x	10.5.1
apple	mac_os_x	10.5.2
apple	mac_os_x	10.5.3
apple	mac_os_x	10.5.4
apple	mac_os_x	10.5.5
apple	mac_os_x	10.5.6
apple	mac_os_x_server	10.4.11
apple	mac_os_x_server	10.5
apple	mac_os_x_server	10.5.0
apple	mac_os_x_server	10.5.1
apple	mac_os_x_server	10.5.2
apple	mac_os_x_server	10.5.3
apple	mac_os_x_server	10.5.4
apple	mac_os_x_server	10.5.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EE39585-CF3B-4493-96D8-B394544C7643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2442D35-7484-43D8-9077-3FDF63104816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC90AA12-DD17-4607-90CB-E342E83F20BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F3E721C-00CA-4D51-B542-F2BC5C0D65BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3267A41-1AE0-48B8-BD1F-DEC8A212851A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "855288F1-0242-4951-AB3F-B7AF13E21CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "10082781-B93E-4B84-94F2-FA9749B4D92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1EBF04-C440-4A6B-93F2-DC3A812728C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFB077A2-927B-43AF-BFD5-0E78648C9394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D09D5933-A7D9-4A61-B863-CD8E7D5E67D8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E8648C-5469-4280-A581-D4A9A41B7213",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7817232-BE3E-4655-8282-A979E5D40D3D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E8D614-E1EE-42F1-9E55-EA54FB500621",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C73BED9E-29FB-4965-B38F-013FFE5A9170",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3B7DEC3-1C0B-4D13-98CD-CB7FAE7933B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7723A9E8-1DE2-4C7D-81E6-4F79DCB09324",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EC681A4-6F58-4C7D-B4E0-FCC1BCBC534E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Desbordamiento inferior de entero en QuickDraw Manager en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (cuelgue de aplicacion) a trav\u00e9s de una imagen PICT elaborada que desencadena un desbordamiento de b\u00fafer basado en pila."
    }
  ],
  "id": "CVE-2009-0010",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-05-13T15:30:00.233",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35074"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35091"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3549"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3591"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/503878/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34926"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34938"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1022209"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/1297"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/1407"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-021"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-021/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/503878/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34926"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/exploits/Apple_QuickTime_PICT_Poly_Tag_Parsing_Heap_Overflow_PoC_Exploit_1407144.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-021/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0010 (GCVE-0-2009-0010)

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Tags

Sightings

Nomenclature