Sign-up

ID

VAR-201003-0136


CVE

CVE-2010-0056


TITLE

Apple Mac OS X of Cocoa Buffer overflow vulnerability in the spell check function

Trust: 0.8

sources: JVNDB: JVNDB-2010-001238

DESCRIPTION

Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document. Apple Mac OS X is prone to a buffer-overflow vulnerability that exists in the AppKit component. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected software. Failed attacks will cause denial-of-service conditions. NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it

Trust: 2.07

sources: NVD: CVE-2010-0056 // JVNDB: JVNDB-2010-001238 // BID: 39156 // VULHUB: VHN-42661 // VULMON: CVE-2010-0056

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

sources: BID: 39156 // JVNDB: JVNDB-2010-001238 // CNNVD: CNNVD-201003-451 // NVD: CVE-2010-0056

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0056
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-0056
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201003-451
value: MEDIUM

Trust: 0.6

VULHUB: VHN-42661
value: MEDIUM

Trust: 0.1

VULMON: CVE-2010-0056
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-0056
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-42661
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-42661 // VULMON: CVE-2010-0056 // JVNDB: JVNDB-2010-001238 // CNNVD: CNNVD-201003-451 // NVD: CVE-2010-0056

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-42661 // JVNDB: JVNDB-2010-001238 // NVD: CVE-2010-0056

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201003-451

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201003-451

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001238

PATCH
title:HT4077url:http://support.apple.com/kb/HT4077
Trust: 0.8
title:HT4077url:http://support.apple.com/kb/HT4077?viewlocale=ja_JP
Trust: 0.8
title:Debian Security Advisories: DSA-2186-1 iceweasel -- several vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=1888bf7d3aaca2d7433134162bd28025
Trust: 0.1
sources:
            
            
            VULMON: CVE-2010-0056 // 
            
            
            
            JVNDB: JVNDB-2010-001238

EXTERNAL IDS
db:NVDid:CVE-2010-0056
Trust: 2.9
db:JVNDBid:JVNDB-2010-001238
Trust: 0.8
db:CNNVDid:CNNVD-201003-451
Trust: 0.7
db:NSFOCUSid:14715
Trust: 0.6
db:APPLEid:APPLE-SA-2010-03-29-1
Trust: 0.6
db:BIDid:39156
Trust: 0.4
db:VULHUBid:VHN-42661
Trust: 0.1
db:VULMONid:CVE-2010-0056
Trust: 0.1
sources:
            
            
            VULHUB: VHN-42661 // 
            
            
            
            VULMON: CVE-2010-0056 // 
            
            
            
            BID: 39156 // 
            
            
            
            JVNDB: JVNDB-2010-001238 // 
            
            
            
            CNNVD: CNNVD-201003-451 // 
            
            
            
            NVD: CVE-2010-0056

REFERENCES
url:http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0056
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0056
Trust: 0.8
url:http://www.nsfocus.net/vulndb/14715
Trust: 0.6
url:http://www.apple.com/macosx/
Trust: 0.3
url:http://www.apple.com/server/macosx/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=20150
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-42661 // 
            
            
            
            VULMON: CVE-2010-0056 // 
            
            
            
            BID: 39156 // 
            
            
            
            JVNDB: JVNDB-2010-001238 // 
            
            
            
            CNNVD: CNNVD-201003-451 // 
            
            
            
            NVD: CVE-2010-0056

CREDITS
Michael KisorDamian Put pucik@cc-team.org
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201003-451

SOURCES
db:VULHUBid:VHN-42661
db:VULMONid:CVE-2010-0056
db:BIDid:39156
db:JVNDBid:JVNDB-2010-001238
db:CNNVDid:CNNVD-201003-451
db:NVDid:CVE-2010-0056

LAST UPDATE DATE
2025-04-11T19:46:54.878000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-42661date:2010-03-31T00:00:00
db:VULMONid:CVE-2010-0056date:2010-03-31T00:00:00
db:BIDid:39156date:2010-03-29T00:00:00
db:JVNDBid:JVNDB-2010-001238date:2010-04-13T00:00:00
db:CNNVDid:CNNVD-201003-451date:2010-03-31T00:00:00
db:NVDid:CVE-2010-0056date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-42661date:2010-03-30T00:00:00
db:VULMONid:CVE-2010-0056date:2010-03-30T00:00:00
db:BIDid:39156date:2010-03-29T00:00:00
db:JVNDBid:JVNDB-2010-001238date:2010-04-13T00:00:00
db:CNNVDid:CNNVD-201003-451date:2010-03-30T00:00:00
db:NVDid:CVE-2010-0056date:2010-03-30T17:30:00.407