Vulnerability Details : CVE-2010-0041
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.
Products affected by CVE-2010-0041
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0041
- EPSS score: 1.19% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~77% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2010-0041
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | 
CWE ids for CVE-2010-0041
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0041
- http://secunia.com/advisories/39135 (Secunia advisory)
- http://support.apple.com/kb/HT4070 (About the security content of Safari 4.0.5 - Apple Support; Vendor Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6885 (OVAL Repository)
- http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html (Apple security-announce list; Vendor Advisory)
- http://support.apple.com/kb/HT4105 (About the security content of iTunes 9.1 - Apple Support)
- http://support.apple.com/kb/HT4225 (About the security content of iOS 4 - Apple Support)
- http://support.apple.com/kb/HT4077 (About the security content of Security Update 2010-002 / Mac OS X v10.6.3 - Apple Support)
- http://www.securitytracker.com/id?1023706 (Apple Safari Bugs Let Remote Users Cause Arbitrary Code to Be Executed - SecurityTracker)
- http://www.securityfocus.com/bid/38671 (RETIRED: Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities; Patch)
- http://www.securityfocus.com/bid/38676 (Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability; Patch)
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html (Apple security-announce list)
- http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html (Apple security-announce list)
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html (Apple security-announce list)