CVE-2010-0519 - Numeric Errors vulnerability in Apple Mac OS X and Mac OS X Server
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 6 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | MOAUB #2 - Apple QuickTime FlashPix NumberOfTiles Remote Code Execution Vulnerability. CVE-2010-0519. Dos exploit for windows platform |
id | EDB-ID:14869 |
last seen | 2016-02-01 |
modified | 2010-09-02 |
published | 2010-09-02 |
reporter | Abysssec |
source | https://www.exploit-db.com/download/14869/ |
title | Apple QuickTime FlashPix NumberOfTiles - Remote Code Execution Vulnerability |
Nessus
NASL family | Windows |
NASL id | QUICKTIME_766.NASL |
description | The version of QuickTime installed on the remote Windows host is older than 7.6.6. Such versions contain several vulnerabilities : - A heap-based buffer overflow in QuickTime |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45388 |
published | 2010-03-31 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/45388 |
title | QuickTime < 7.6.6 Multiple Vulnerabilities (Windows) |
code |

```
#
# (C) Tenable Network Security, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(45388);
  script_version("1.15");
  script_cvs_date("Date: 2018/07/26 13:32:43");

  script_cve_id(
    "CVE-2009-2837", "CVE-2010-0059", "CVE-2010-0060", "CVE-2010-0062",
    "CVE-2010-0514", "CVE-2010-0515", "CVE-2010-0516", "CVE-2010-0517",
    "CVE-2010-0518", "CVE-2010-0519", "CVE-2010-0520", "CVE-2010-0526",
    "CVE-2010-0527", "CVE-2010-0528", "CVE-2010-0529", "CVE-2010-0536"
  );
  script_bugtraq_id(
    39136, 39139, 39140, 39141, 39152, 39154, 39155,
    39159, 39161, 39163, 39164, 39165, 39166, 39167
  );

  script_name(english:"QuickTime < 7.6.6 Multiple Vulnerabilities (Windows)");
  script_summary(english:"Checks version of QuickTime on Windows");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Windows host contains an application that is affected by multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The version of QuickTime installed on the remote Windows host is older than 7.6.6. Such versions contain several vulnerabilities :
 - A heap-based buffer overflow in QuickTime's handling of PICT images may lead to an application crash or arbitrary code execution. (CVE-2009-2837)
 - A memory corruption issue in QuickTime's handling of QDM2 encoded audio content may lead to an application crash or arbitrary code execution. (CVE-2010-0059)
 - A memory corruption issue in QuickTime's handling of QDMC encoded audio content may lead to an application crash or arbitrary code execution. (CVE-2010-0060)
 - A heap-based buffer overflow in QuickTime's handling of H.263 encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0062)
 - A heap-based buffer overflow in QuickTime's handling of H.261 encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0514)
 - A memory corruption issue in QuickTime's handling of H.264 encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0515)
 - A heap-based buffer overflow in QuickTime's handling of RLE encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0516)
 - A heap-based buffer overflow in QuickTime's handling of M-JPEG encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0517)
 - A memory corruption issue in QuickTime's handling of Sorenson encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0518)
 - An integer overflow in QuickTime's handling of FlashPix encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0519)
 - A heap-based buffer overflow in QuickTime's handling of FLC encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0520)
 - A heap-based buffer overflow in QuickTime's handling of MPEG encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0526)
 - An integer overflow in QuickTime's handling of PICT images may lead to an application crash or arbitrary code execution. (CVE-2010-0527)
 - A memory corruption issue in QuickTime's handling of color tables in movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0528)
 - A heap-based buffer overflow in QuickTime's handling of PICT images may lead to an application crash or arbitrary code execution. (CVE-2010-0529)
 - A memory corruption issue in QuickTime's handling of BMP images may lead to an application crash or arbitrary code execution. (CVE-2010-0536)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT4104"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/security-announce/2010/Mar/msg00002.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.securityfocus.com/advisories/19386"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to QuickTime 7.6.6 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(119);
  script_set_attribute(attribute:"vuln_publication_date", value:"2010/03/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/31");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
  script_dependencies("quicktime_installed.nasl");
  script_require_keys("SMB/QuickTime/Version");
  exit(0);
}

include("global_settings.inc");

version_ui = get_kb_item("SMB/QuickTime/Version_UI");
version = get_kb_item("SMB/QuickTime/Version");
if (isnull(version)) exit(1, "The 'SMB/QuickTime/Version' KB item is missing.");

if (isnull(version_ui)) version_report = version;
else version_report = version_ui;

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if (
  ver[0] < 7 ||
  (
    ver[0] == 7 &&
    (
      ver[1] < 66 ||
      (ver[1] == 66 && ver[2] < 71)
    )
  )
)
{
  if (report_verbosity > 0)
  {
    report = '\n' +
      'QuickTime ' + version_report + ' is currently installed on the remote host.\n';
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
}
else exit(0, "The host is not affected since QuickTime "+version_report+" is installed.");
```
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_10_6_3.NASL |
description | The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.3. Mac OS X 10.6.3 contains security fixes for the following products : - AFP Server - Apache - CoreAudio - CoreMedia - CoreTypes - CUPS - DesktopServices - Disk Images - Directory Services - Dovecot - Event Monitor - FreeRADIUS - FTP Server - iChat Server - ImageIO - Image RAW - Libsystem - Mail - MySQL - OS Services - Password Server - PHP - Podcast Producer - Preferences - PS Normalizer - QuickTime - Ruby - Server Admin - SMB - Tomcat - Wiki Server - X11 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45372 |
published | 2010-03-29 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/45372 |
title | Mac OS X 10.6.x < 10.6.3 Multiple Vulnerabilities |
code |

```
#
# (C) Tenable Network Security, Inc.
#

if (!defined_func("bn_random")) exit(0);
if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(45372);
  script_version("1.31");
  script_cvs_date("Date: 2018/07/16 12:48:31");

  script_cve_id(
    "CVE-2003-0063", "CVE-2006-1329", "CVE-2008-4456", "CVE-2008-5515",
    "CVE-2008-7247", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0689",
    "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-1904", "CVE-2009-2042",
    "CVE-2009-2417", "CVE-2009-2422", "CVE-2009-2446", "CVE-2009-2693",
    "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-2906", "CVE-2009-3009",
    "CVE-2009-3095", "CVE-2009-3557", "CVE-2009-3558", "CVE-2009-3559",
    "CVE-2009-4017", "CVE-2009-4019", "CVE-2009-4030", "CVE-2009-4214",
    "CVE-2010-0041", "CVE-2010-0042", "CVE-2010-0043", "CVE-2010-0057",
    "CVE-2010-0059", "CVE-2010-0060", "CVE-2010-0062", "CVE-2010-0063",
    "CVE-2010-0064", "CVE-2010-0065", "CVE-2010-0393", "CVE-2010-0497",
    "CVE-2010-0498", "CVE-2010-0500", "CVE-2010-0501", "CVE-2010-0502",
    "CVE-2010-0504", "CVE-2010-0505", "CVE-2010-0507", "CVE-2010-0508",
    "CVE-2010-0509", "CVE-2010-0510", "CVE-2010-0511", "CVE-2010-0512",
    "CVE-2010-0513", "CVE-2010-0514", "CVE-2010-0515", "CVE-2010-0516",
    "CVE-2010-0517", "CVE-2010-0518", "CVE-2010-0519", "CVE-2010-0520",
    "CVE-2010-0521", "CVE-2010-0524", "CVE-2010-0525", "CVE-2010-0526",
    "CVE-2010-0533", "CVE-2010-0534", "CVE-2010-0535", "CVE-2010-0537"
  );
  script_bugtraq_id(
    6940, 17155, 31486, 35193, 35196, 35233, 35263, 35278, 35416,
    35510, 35579, 35609, 36032, 36278, 36554, 36555, 36573, 37075,
    37142, 37297, 37942, 37944, 37945, 38043, 38524, 38673, 38676,
    38677, 39151, 39153, 39157, 39160, 39161, 39171, 39172, 39175,
    39194, 39230, 39231, 39232, 39234, 39236, 39252, 39255, 39256,
    39258, 39264, 39268, 39273, 39274, 39278, 39279, 39281, 39291
  );

  script_name(english:"Mac OS X 10.6.x < 10.6.3 Multiple Vulnerabilities");
  script_summary(english:"Check the version of Mac OS X");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host is missing a Mac OS X update that fixes various security issues."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.3. Mac OS X 10.6.3 contains security fixes for the following products :
 - AFP Server
 - Apache
 - CoreAudio
 - CoreMedia
 - CoreTypes
 - CUPS
 - DesktopServices
 - Disk Images
 - Directory Services
 - Dovecot
 - Event Monitor
 - FreeRADIUS
 - FTP Server
 - iChat Server
 - ImageIO
 - Image RAW
 - Libsystem
 - Mail
 - MySQL
 - OS Services
 - Password Server
 - PHP
 - Podcast Producer
 - Preferences
 - PS Normalizer
 - QuickTime
 - Ruby
 - Server Admin
 - SMB
 - Tomcat
 - Wiki Server
 - X11"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT4077"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/security-announce/2010/Mar/msg00001.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.securityfocus.com/advisories/19364"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to Mac OS X 10.6.3 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
  script_cwe_id(20, 22, 59, 79, 119, 134, 189, 200, 264, 287, 310);
  script_set_attribute(attribute:"vuln_publication_date", value:"2010/03/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/29");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
  script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
  exit(0);
}

os = get_kb_item("Host/MacOSX/Version");
if (!os)
{
  os = get_kb_item("Host/OS");
  c = get_kb_item("Host/OS/Confidence");
  if ( isnull(os) || c <= 70 ) exit(0);
}
if (!os) exit(1, "The 'Host/OS' KB item is missing.");

if (ereg(pattern:"Mac OS X 10\.6($|\.[0-2]([^0-9]|$))", string:os)) security_hole(0);
else exit(0, "The host is not affected as it is running "+os+".");
```
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_QUICKTIME766.NASL |
description | The version of QuickTime installed on the remote Mac OS X host is older than 7.6.6. Such versions contain several vulnerabilities : - A memory corruption issue in QuickTime |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45387 |
published | 2010-03-31 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/45387 |
title | QuickTime < 7.6.6 Multiple Vulnerabilities (Mac OS X) |
code |

```
#
# (C) Tenable Network Security, Inc.
#

if (!defined_func("bn_random")) exit(0);
if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(45387);
  script_version("1.12");

  script_cve_id(
    "CVE-2010-0059", "CVE-2010-0060", "CVE-2010-0062", "CVE-2010-0514",
    "CVE-2010-0515", "CVE-2010-0516", "CVE-2010-0517", "CVE-2010-0518",
    "CVE-2010-0519", "CVE-2010-0520", "CVE-2010-0526"
  );
  script_bugtraq_id(
    39152, 39154, 39155, 39159, 39161,
    39163, 39164, 39165, 39166, 39167
  );

  script_name(english:"QuickTime < 7.6.6 Multiple Vulnerabilities (Mac OS X)");
  script_summary(english:"Checks version of QuickTime on Mac OS X");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mac OS X host contains an application that is affected by multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The version of QuickTime installed on the remote Mac OS X host is older than 7.6.6. Such versions contain several vulnerabilities :
 - A memory corruption issue in QuickTime's handling of QDM2 encoded audio content may lead to an application crash or arbitrary code execution. (CVE-2010-0059)
 - A memory corruption issue in QuickTime's handling of QDMC encoded audio content may lead to an application crash or arbitrary code execution. (CVE-2010-0060)
 - A heap buffer overflow in QuickTime's handling of H.263 encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0062)
 - A heap buffer overflow in QuickTime's handling of H.261 encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0514)
 - A memory corruption issue in QuickTime's handling of H.264 encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0515)
 - A heap buffer overflow in QuickTime's handling of RLE encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0516)
 - A heap buffer overflow in QuickTime's handling of M-JPEG encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0517)
 - A memory corruption issue in QuickTime's handling of Sorenson encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0518)
 - An integer overflow in QuickTime's handling of FlashPix encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0519)
 - A heap buffer overflow in QuickTime's handling of FLC encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0520)
 - A heap buffer overflow in QuickTime's handling of MPEG encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2010-0526)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT4104"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/security-announce/2010/Mar/msg00002.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.securityfocus.com/advisories/19386"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to QuickTime 7.6.6 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"2010/03/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/31");
  script_cvs_date("Date: 2018/07/14 1:59:35");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
  script_dependencies("macosx_Quicktime652.nasl", "ssh_get_info.nasl");
  script_require_keys("MacOSX/QuickTime/Version", "Host/uname");
  exit(0);
}

include("global_settings.inc");

uname = get_kb_item("Host/uname");
if (!uname) exit(1, "The 'Host/uname' KB item is missing.");

pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$";
if (!ereg(pattern:pat, string:uname)) exit(1, "Can't identify the Darwin kernel version from the uname output ("+uname+").");

darwin = ereg_replace(pattern:pat, replace:"\1", string:uname);
if (ereg(pattern:"^[0-8]\.", string:darwin)) exit(0, "The host is running Darwin kernel version "+darwin+", which is no longer supported by Apple.");

version = get_kb_item("MacOSX/QuickTime/Version");
if (isnull(version)) exit(1, "The 'MacOSX/QuickTime/Version' KB item is missing.");

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if (
  ver[0] < 7 ||
  (
    ver[0] == 7 &&
    (
      ver[1] < 6 ||
      (ver[1] == 6 && ver[2] < 6)
    )
  )
)
{
  if (report_verbosity > 0)
  {
    report = '\n' +
      'QuickTime ' + version + ' is currently installed on the remote host.\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
}
else exit(0, "The host is not affected since QuickTime "+version+" is installed.");
```
Oval
accepted | 2013-07-29T04:01:55.551-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value. |
family | windows |
id | oval:org.mitre.oval:def:7498 |
status | accepted |
submitted | 2010-04-06T10:30:00.000-05:00 |
title | Apple QuickTime Before 7.6.6 FlashPix Encoded Movie Handling Integer Overflow Vulnerability |
version | 10 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/93454/moaub-quicktime.txt |
id | PACKETSTORM:93454 |
last seen | 2016-12-05 |
published | 2010-09-03 |
reporter | Abysssec |
source | https://packetstormsecurity.com/files/93454/Month-Of-Abysssec-Undisclosed-Bugs-Apple-QuickTime-FlashPix.html |
title | Month Of Abysssec Undisclosed Bugs - Apple QuickTime FlashPix |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:69757 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-69757 |
title | Apple QuickTime FlashPix NumberOfTiles - Remote Code Execution Vulnerability |
References
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html
- http://support.apple.com/kb/HT4077
- http://www.securityfocus.com/archive/1/510519/100/0/threaded
- http://www.zerodayinitiative.com/advisories/ZDI-10-043
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7498