CVE-2010-0040 - Numeric Errors vulnerability in Apple Safari

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, apple, microsoft, CWE-189, critical, nessus

Summary

Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.

Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html

ColorSync
CVE-ID: CVE-2010-0040
Available for: Windows 7, Vista, XP
Impact: Viewing a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution
Description: An integer overflow, that could result in a heap buffer overflow, exists in the handling of images with an embedded color profile. Opening a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution. The issue is addressed by performing additional validation of color profiles. This issue does not affect Mac OS X systems. Credit to Sebastien Renaud of VUPEN Vulnerability Research Team for reporting this issue.

Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html

'Safari 4.0.5 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/'

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Windows
    NASL id: SAFARI_4_0_5.NASL
    description: The version of Safari installed on the remote Windows host is earlier than 4.0.5. It thus is potentially affected by several issues : - A buffer underflow in ImageIO
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 45045
    published: 2010-03-11
    reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/45045
    title: Safari < 4.0.5 Multiple Vulnerabilities
  • NASL family: Windows
    NASL id: ITUNES_9_1.NASL
    description: The version of Apple iTunes installed on the remote Windows host is older than 9.1. Such versions may be affected by multiple vulnerabilities : - A buffer underflow in ImageIO
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 45390
    published: 2010-03-31
    reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/45390
    title: Apple iTunes < 9.1 Multiple Vulnerabilities (credentialed check)
  • NASL family: Peer-To-Peer File Sharing
    NASL id: ITUNES_9_1_BANNER.NASL
    description: The version of Apple iTunes on the remote host is prior to version 9.1. It is, therefore, affected by multiple vulnerabilities : - A buffer underflow in ImageIO
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 45391
    published: 2010-03-31
    reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/45391
    title: Apple iTunes < 9.1 Multiple Vulnerabilities (uncredentialed check)

Oval

accepted: 2015-06-22T04:00:46.837-04:00
class: vulnerability
contributors:
  • name: J. Daniel Brown
    organization: DTCC
  • name: Scott Quint
    organization: Quintechssential
  • name: Shane Shaffer
    organization: G2, Inc.
  • name: Pooja Shetty
    organization: SecPod Technologies
  • name: Maria Kedovskaya
    organization: ALTX-SOFT
  • name: Shane Shaffer
    organization: G2, Inc.
  • name: Maria Kedovskaya
    organization: ALTX-SOFT
  • name: Bernd Eggenmueller
    organization: baramundi software
definition_extensions:
  • comment: Apple iTunes is installed
    oval: oval:org.mitre.oval:def:12353
  • comment: Apple Safari is installed
    oval: oval:org.mitre.oval:def:6325
description: Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.
family: windows
id: oval:org.mitre.oval:def:6741
status: accepted
submitted: 2010-04-09T10:30:00.000-05:00
title: Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability
version: 20