Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2010-0042
Deferred
More InfoOfficial Page
Source-product-security@apple.com
View Known Exploited Vulnerability (KEV) details
Published At-15 Mar, 2010 | 13:28
Updated At-11 Apr, 2025 | 00:51

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
Apple Inc.
apple
>>safari>>Versions up to 4.0.4(inclusive)
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>4.0
cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>4.0.0b
cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>4.0.1
cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>4.0.2
cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>4.0.3
cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html 'ImageIO CVE-ID: CVE-2010-0042 Available for: Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may result in sending data from Safari's memory to the website Description: An uninitialized memory access issue exists in ImageIO's handling of TIFF images. Visiting a maliciously crafted website may result in sending data from Safari's memory to the website. This issue is addressed through improved memory handling and additional validation of TIFF images. Credit to Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.'
Evaluator Impact

Evaluator Solution

Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html 'Safari 4.0.5 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/'

Vendor Statements
References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlproduct-security@apple.com
N/A
http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.htmlproduct-security@apple.com
N/A
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlproduct-security@apple.com
N/A
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.htmlproduct-security@apple.com
N/A
http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.htmlproduct-security@apple.com
Vendor Advisory
http://secunia.com/advisories/39135product-security@apple.com
N/A
http://secunia.com/advisories/42314product-security@apple.com
N/A
http://support.apple.com/kb/HT4070product-security@apple.com
Vendor Advisory
http://support.apple.com/kb/HT4077product-security@apple.com
N/A
http://support.apple.com/kb/HT4105product-security@apple.com
N/A
http://support.apple.com/kb/HT4225product-security@apple.com
N/A
http://support.apple.com/kb/HT4456product-security@apple.com
N/A
http://www.securityfocus.com/bid/38671product-security@apple.com
Patch
http://www.securityfocus.com/bid/38677product-security@apple.com
Patch
http://www.securitytracker.com/id?1023706product-security@apple.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7561product-security@apple.com
N/A
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/39135af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/42314af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT4070af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://support.apple.com/kb/HT4077af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT4105af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT4225af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT4456af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/38671af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securityfocus.com/bid/38677af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securitytracker.com/id?1023706af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7561af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/39135
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/42314
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4070
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT4077
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4105
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4225
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4456
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/38671
Source: product-security@apple.com
Resource:
Patch
Hyperlink: http://www.securityfocus.com/bid/38677
Source: product-security@apple.com
Resource:
Patch
Hyperlink: http://www.securitytracker.com/id?1023706
Source: product-security@apple.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7561
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/39135
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/42314
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4070
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT4077
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4105
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4225
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4456
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/38671
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.securityfocus.com/bid/38677
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.securitytracker.com/id?1023706
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7561
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found
Details not found