Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2010-0041 | First vendor Publication | 2010-03-15 |
| Vendor | Cve | Last vendor Modification | 2017-09-19 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0041 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-200 | Information Exposure |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:6885 | |||
| Oval ID: | oval:org.mitre.oval:def:6885 | ||
| Title: | Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability | ||
| Description: | ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0041 | Version: | 17 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Apple Safari Apple iTunes |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
| 2010-03-18 | Name : Apple Safari Webkit Multiple Vulnerabilities File : nvt/gb_apple_safari_webkit_mult_vuln_mar10.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 62934 | Apple Safari on Windows ImageIO Crafted BMP File Process Memory Disclosure |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-03-31 | Name : The remote host contains an application that is affected by multiple vulnerab... File : itunes_9_1.nasl - Type : ACT_GATHER_INFO |
| 2010-03-31 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_9_1_banner.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO |
| 2010-03-11 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4_0_5.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2021-04-10 12:05:59 |
|
| 2020-05-23 01:41:28 |
|
| 2020-05-23 00:25:02 |
|
| 2017-11-29 12:03:14 |
|
| 2017-11-23 12:03:16 |
|
| 2017-09-19 09:23:34 |
|
| 2016-06-29 00:09:54 |
|
| 2016-04-26 19:29:26 |
|
| 2014-02-17 10:53:06 |
|
| 2013-05-10 23:14:00 |
|
