CVE-2010-0042

{"id": "CVE-2010-0042", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-03-15T13:28:25.403", "references": [{"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "source": "product-security@apple.com"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html", "source": "product-security@apple.com"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html", "source": "product-security@apple.com"}, {"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html", "source": "product-security@apple.com"}, {"url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://secunia.com/advisories/39135", "source": "product-security@apple.com"}, {"url": "http://secunia.com/advisories/42314", "source": "product-security@apple.com"}, {"url": "http://support.apple.com/kb/HT4070", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://support.apple.com/kb/HT4077", "source": "product-security@apple.com"}, {"url": "http://support.apple.com/kb/HT4105", "source": "product-security@apple.com"}, {"url": "http://support.apple.com/kb/HT4225", "source": "product-security@apple.com"}, {"url": "http://support.apple.com/kb/HT4456", "source": "product-security@apple.com"}, {"url": "http://www.securityfocus.com/bid/38671", "tags": ["Patch"], "source": "product-security@apple.com"}, {"url": "http://www.securityfocus.com/bid/38677", "tags": ["Patch"], "source": "product-security@apple.com"}, {"url": "http://www.securitytracker.com/id?1023706", "source": "product-security@apple.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7561", "source": "product-security@apple.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image."}, {"lang": "es", "value": "ImageIO en Apple Safari anterior a v4.0.5 sobre Windows no se asegura de que el acceso a memoria est\u00e9 asociado con la inicializaci\u00f3n de memoria, lo que permite a atacantes remotos obtener informaci\u00f3n sensible desde los procesos de memoria a trav\u00e9s de im\u00e1genes TIFF manipuladas."}], "lastModified": "2017-09-19T01:30:11.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1816CD6-0159-4684-A54D-94866D3FE570", "versionEndIncluding": "4.0.4"}, {"criteria": "cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB"}, {"criteria": "cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02EAC196-AE43-4787-9AF9-E79E2E1BBA46"}, {"criteria": "cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2FD40E4-D4C9-492E-8432-ABC9BD2C7E67"}, {"criteria": "cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36EA71E0-63F7-46FF-AF11-792741F27628"}, {"criteria": "cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E36485-565D-4FAA-A6AD-57DF42D47462"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}], "operator": "AND"}], "evaluatorComment": "Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\r\n\r\n\r\n'ImageIO\r\nCVE-ID: CVE-2010-0042\r\nAvailable for: Windows 7, Vista, XP\r\nImpact: Visiting a maliciously crafted website may result in sending\r\ndata from Safari's memory to the website\r\nDescription: An uninitialized memory access issue exists in\r\nImageIO's handling of TIFF images. Visiting a maliciously crafted\r\nwebsite may result in sending data from Safari's memory to the\r\nwebsite. This issue is addressed through improved memory handling and\r\nadditional validation of TIFF images. Credit to Matthew 'j00ru'\r\nJurczyk of Hispasec for reporting this issue.'", "sourceIdentifier": "product-security@apple.com", "evaluatorSolution": "Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\r\n\r\n'Safari 4.0.5 is available via the Apple Software Update application,\r\nor Apple's Safari download site at:\r\nhttp://www.apple.com/safari/download/'"}