Executive Summary

Informations
Name CVE-2010-0517 First vendor Publication 2010-03-30
Vendor Cve Last vendor Modification 2018-10-10

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0517

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6673
 
Oval ID: oval:org.mitre.oval:def:6673
Title: Apple QuickTime Before 7.6.6 M-JPEG Encoded Movie Handling Buffer Overflow Vulnerability
Description: Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0517
 Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
 Product(s): Apple QuickTime
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 3
Os 3

OpenVAS Exploits

Date Description
2010-05-12 Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
63381 Apple Mac OS X QuickTime M-JPEG Encoded MOV File Handling Overflow

Nessus® Vulnerability Scanner

Date Description
2010-03-31 Name : The remote Mac OS X host contains an application that is affected by multiple...
File : macosx_Quicktime766.nasl - Type : ACT_GATHER_INFO
2010-03-31 Name : The remote Windows host contains an application that is affected by multiple ...
File : quicktime_766.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html
BUGTRAQ http://www.securityfocus.com/archive/1/510511/100/0/threaded
CONFIRM http://support.apple.com/kb/HT4077
MISC http://www.zerodayinitiative.com/advisories/ZDI-10-037
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
Date Informations
2021-05-04 12:11:07
  • Multiple Updates
2021-04-22 01:11:41
  • Multiple Updates
2020-05-23 00:25:16
  • Multiple Updates
2018-10-11 00:19:47
  • Multiple Updates
2017-09-19 09:23:38
  • Multiple Updates
2016-04-26 19:34:27
  • Multiple Updates
2014-02-17 10:53:50
  • Multiple Updates
2013-05-10 23:18:06
  • Multiple Updates