CVE-2010-0040 - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

CVE CVE-2010-0040
Status Candidate
Description Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.
Severity High
CVSS score 9,3
CVSS vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Phase Assigned (24.08.2010)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0040
References APPLE : APPLE-SA-2010-03-11-1
APPLE : APPLE-SA-2010-03-30-2
BID : 38671
BID : 38674
CONFIRM : http://support.apple.com/kb/HT4070
CONFIRM : http://support.apple.com/kb/HT4105
OVAL : oval:org.mitre.oval:def:6741
SECTRACK : 1023706
SECUNIA : 39135
XF : safari-colorsync-bo(56826)
SecurityVulns: WebKit / Apple Safari / Google Chrome multiple security vulnerabilities
Apple QuickTime/iTunes multiple security vulnerabilities
Apple iTunes multiple security uvlnerabilities

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server