Vulnerability Details: CVE-2010-0042
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.
Vulnerability category: Information leak
Products affected by CVE-2010-0042
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0042
- 0.57%: Probability of exploitation activity in the next 30 days
- ~78%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-0042
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2010-0042
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0042
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
  Apple - Lists.apple.com
- http://support.apple.com/kb/HT4070
  About the security content of Safari 4.0.5 - Apple Support (Vendor Advisory)
- http://support.apple.com/kb/HT4456
  About the security content of iOS 4.2 - Apple Support
- http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
  Apple - Lists.apple.com (Vendor Advisory)
- http://support.apple.com/kb/HT4105
  About the security content of iTunes 9.1 - Apple Support
- http://support.apple.com/kb/HT4225
  About the security content of iOS 4 - Apple Support
- http://www.securityfocus.com/bid/38677
  Apple Safari TIFF Image Uninitialized Memory Information Disclosure Vulnerability (Patch)
- http://support.apple.com/kb/HT4077
  About the security content of Security Update 2010-002 / Mac OS X v10.6.3 - Apple Support
- http://www.securitytracker.com/id?1023706
  Apple Safari Bugs Let Remote Users Cause Arbitrary Code to Be Executed - SecurityTracker
- http://www.securityfocus.com/bid/38671
  RETIRED: Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities (Patch)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7561
  Repository / Oval Repository
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
  Apple - Lists.apple.com
- http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
  Apple - Lists.apple.com
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
  Apple - Lists.apple.com