Sign-up

ID

VAR-201001-0684


CVE

CVE-2010-0036


TITLE

Apple Mac OS X of CoreAudio Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2010-001041

DESCRIPTION

Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file. Apple Mac OS X is prone to a buffer-overflow vulnerability that affects the CoreAudio component. Successful exploits may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. The following versions are affected: Mac OS X 10.5.8 and prior Mac OS X Server 10.5.8 and prior Mac OS X 10.6.2 and prior Mac OS X Server 10.6.2 and prior. Users who are tricked into opening malicious mp4 files can cause denial of service or execute arbitrary commands. 2) An error in CUPS can be exploited to cause a DoS (Denial of Service). For more information: SA37364 3) Multiple vulnerabilities in the Flash Player plug-in can be exploited to gain knowledge of system information or compromise a user's system. For more information: SA37584 4) A vulnerability in ImageIO can be exploited to cause a DoS or to potentially compromise a user's system. For more information: SA35515 5) A boundary error in Image RAW can be exploited to cause a buffer overflow via a specially crafted DNG image. 6) A vulnerability in OpenSSL can be exploited to manipulate certain data. For more information: SA37291 SOLUTION: Apply Security Update 2010-001. Security Update 2010-001 (Snow Leopard): http://support.apple.com/kb/DL994 Security Update 2010-001 Server (Leopard): http://support.apple.com/kb/DL992 Security Update 2010-001 Client (Leopard): http://support.apple.com/kb/DL993 PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Tobias Klein, trapkit.de 3) Damian Put, TippingPoints Zero Day Initiative, Bing Liu of Fortinet's FortiGuard Global Security Research Team, Will Dormann of CERT, Manuel Caballero and Microsoft Vulnerability Research (MSVR) 5) Jason Carr, Carnegie Mellon University Computing Services 6) Steve Dispensa and Marsh Ray, PhoneFactor, Inc. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4004 OTHER REFERENCES: SA35515: http://secunia.com/advisories/35515/ SA37291: http://secunia.com/advisories/37291/ SA37364: http://secunia.com/advisories/37364/ SA37584: http://secunia.com/advisories/37584/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2010-0036 // JVNDB: JVNDB-2010-001041 // BID: 37868 // VULHUB: VHN-42641 // PACKETSTORM: 85459

AFFECTED PRODUCTS

vendor:applemodel:mac os x serverscope:eqversion:10.6.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6.2

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6.2

Trust: 0.8

vendor:applemodel:iosscope:eqversion:1.0 to 3.1.2

Trust: 0.8

vendor:applemodel:ios for ipod touchscope:eqversion:1.1 to 3.1.2

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.4

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.4

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipod touchscope:neversion:3.1.3

Trust: 0.3

vendor:applemodel:iphonescope:neversion:3.1.3

Trust: 0.3

sources: BID: 37868 // JVNDB: JVNDB-2010-001041 // CNNVD: CNNVD-201001-199 // NVD: CVE-2010-0036

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0036
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2010-0036
value: HIGH

Trust: 1.0

NVD: CVE-2010-0036
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201001-199
value: CRITICAL

Trust: 0.6

VULHUB: VHN-42641
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-0036
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-42641
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2010-0036
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-42641 // JVNDB: JVNDB-2010-001041 // CNNVD: CNNVD-201001-199 // NVD: CVE-2010-0036 // NVD: CVE-2010-0036

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-42641 // JVNDB: JVNDB-2010-001041 // NVD: CVE-2010-0036

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201001-199

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201001-199

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001041

PATCH
title:HT4004url:http://support.apple.com/kb/HT4004
Trust: 0.8
title:HT4013url:http://support.apple.com/kb/HT4013
Trust: 0.8
title:HT4004url:http://support.apple.com/kb/HT4004?viewlocale=ja_JP
Trust: 0.8
title:HT4013url:http://support.apple.com/kb/HT4013?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-001041

EXTERNAL IDS
db:BIDid:37868
Trust: 2.8
db:NVDid:CVE-2010-0036
Trust: 2.8
db:SECUNIAid:38241
Trust: 2.6
db:VUPENid:ADV-2010-0173
Trust: 2.5
db:SECTRACKid:1023472
Trust: 2.5
db:XFid:55746
Trust: 1.4
db:JVNDBid:JVNDB-2010-001041
Trust: 0.8
db:APPLEid:APPLE-SA-2010-01-19-1
Trust: 0.6
db:APPLEid:APPLE-SA-2010-02-02-1
Trust: 0.6
db:XFid:4
Trust: 0.6
db:NSFOCUSid:14375
Trust: 0.6
db:CNNVDid:CNNVD-201001-199
Trust: 0.6
db:VULHUBid:VHN-42641
Trust: 0.1
db:PACKETSTORMid:85459
Trust: 0.1
sources:
            
            
            VULHUB: VHN-42641 // 
            
            
            
            BID: 37868 // 
            
            
            
            JVNDB: JVNDB-2010-001041 // 
            
            
            
            PACKETSTORM: 85459 // 
            
            
            
            CNNVD: CNNVD-201001-199 // 
            
            
            
            NVD: CVE-2010-0036

REFERENCES
url:http://www.securityfocus.com/bid/37868
Trust: 2.5
url:http://www.securitytracker.com/id?1023472
Trust: 2.5
url:http://secunia.com/advisories/38241
Trust: 2.5
url:http://www.vupen.com/english/advisories/2010/0173
Trust: 2.5
url:http://support.apple.com/kb/ht4004
Trust: 1.8
url:http://lists.apple.com/archives/security-announce/2010/jan/msg00000.html
Trust: 1.7
url:http://lists.apple.com/archives/security-announce/2010/feb/msg00000.html
Trust: 1.7
url:http://support.apple.com/kb/ht4013
Trust: 1.7
url:http://xforce.iss.net/xforce/xfdb/55746
Trust: 1.4
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/55746
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0036
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0036
Trust: 0.8
url:http://www.nsfocus.net/vulndb/14375
Trust: 0.6
url:http://www.apple.com/macosx/
Trust: 0.3
url:http://secunia.com/advisories/38241/
Trust: 0.1
url:http://secunia.com/advisories/37364/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://support.apple.com/kb/dl993
Trust: 0.1
url:http://secunia.com/blog/71/
Trust: 0.1
url:http://support.apple.com/kb/dl994
Trust: 0.1
url:http://support.apple.com/kb/dl992
Trust: 0.1
url:http://secunia.com/advisories/35515/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/37291/
Trust: 0.1
url:http://secunia.com/advisories/37584/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-42641 // 
            
            
            
            BID: 37868 // 
            
            
            
            JVNDB: JVNDB-2010-001041 // 
            
            
            
            PACKETSTORM: 85459 // 
            
            
            
            CNNVD: CNNVD-201001-199 // 
            
            
            
            NVD: CVE-2010-0036

CREDITS
Tobias Klein
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201001-199

SOURCES
db:VULHUBid:VHN-42641
db:BIDid:37868
db:JVNDBid:JVNDB-2010-001041
db:PACKETSTORMid:85459
db:CNNVDid:CNNVD-201001-199
db:NVDid:CVE-2010-0036

LAST UPDATE DATE
2025-04-11T22:09:05.153000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-42641date:2017-08-17T00:00:00
db:BIDid:37868date:2010-02-02T18:31:00
db:JVNDBid:JVNDB-2010-001041date:2010-02-16T00:00:00
db:CNNVDid:CNNVD-201001-199date:2010-01-23T00:00:00
db:NVDid:CVE-2010-0036date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-42641date:2010-01-20T00:00:00
db:BIDid:37868date:2010-01-19T00:00:00
db:JVNDBid:JVNDB-2010-001041date:2010-02-16T00:00:00
db:PACKETSTORMid:85459date:2010-01-20T06:30:55
db:CNNVDid:CNNVD-201001-199date:2010-01-20T00:00:00
db:NVDid:CVE-2010-0036date:2010-01-20T16:30:00.367