CVE-2010-0040
🟠 Łataj w tym tygodniu
Przepełnienie bufora w Apple Safari i iTunes umożliwia zdalne wykonanie kodu.
CVSS
9.3
EPSS
19.8%
Exploit
none
Vendor
apple
Opis źródłowy (NVD)
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.
buffer-overflow dos
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.3 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 19.8% |
| Opublikowano (NVD) | 2010-03-15 13:28:25 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-29 01:13:23 UTC |
Referencje
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html (product-security@apple.com)
- http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html (product-security@apple.com) [Vendor Advisory]
- http://secunia.com/advisories/39135 (product-security@apple.com)
- http://support.apple.com/kb/HT4070 (product-security@apple.com) [Vendor Advisory]
- http://support.apple.com/kb/HT4105 (product-security@apple.com)
- http://www.securityfocus.com/bid/38671 (product-security@apple.com) [Patch]
- http://www.securityfocus.com/bid/38674 (product-security@apple.com) [Patch]
- http://www.securitytracker.com/id?1023706 (product-security@apple.com)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56826 (product-security@apple.com)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6741 (product-security@apple.com)