ID

VAR-201003-0139


CVE

CVE-2010-0059


TITLE

Arbitrary code execution vulnerability in CoreAudio in Apple Mac OS X

Trust: 0.8

sources: JVNDB: JVNDB-2010-001243

DESCRIPTION

CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists during the rendering of an audio stream utilizing QDesign's audio codec. The application will perform an allocation utilizing a field specified in the sample's description. Later when initializing the buffer, the application will utilize a different length. If the lengths differ, then a buffer overflow will occur. This can lead to code execution under the context of the currently logged in user.

Apple QuickTime is prone to a memory-corruption vulnerability when parsing QDM2 and QDCA encoded audio data. Failed exploit attempts will likely result in a denial-of-service condition. NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.

Mac OS X is the operating system used by the Apple family of machines. A buffer overflow vulnerability exists in CoreAudio in versions of Apple Mac OS X prior to 10.6.3.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT4077

-- Disclosure Timeline:
2009-08-10 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by: Anonymous

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter: http://twitter.com/thezdi

Trust: 2.7

sources: NVD: CVE-2010-0059 // JVNDB: JVNDB-2010-001243 // ZDI: ZDI-10-041 // BID: 39160 // VULHUB: VHN-42664 // PACKETSTORM: 87998

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.6.2

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.6.2

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.6.1

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.6.1

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.6.0

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.6.0

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: v10.5.8

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: v10.6 to v10.6.2

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: v10.6 to v10.6.2

Trust: 0.8

vendor: apple, model: quicktime, scope: lt, version: 7.6.6

Trust: 0.8

vendor: apple, model: quicktime, scope: -, version: -

Trust: 0.7

vendor: apple, model: quicktime player, scope: eq, version: 7.6.5

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.4

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.2

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6

Trust: 0.3

vendor: apple, model: quicktime player, scope: ne, version: 7.6.6

Trust: 0.3

vendor: apple, model: mac os server, scope: ne, version: x10.6.3

Trust: 0.3

vendor: apple, model: mac os, scope: ne, version: x10.6.3

sources: ZDI: ZDI-10-041 // BID: 39160 // JVNDB: JVNDB-2010-001243 // CNNVD: CNNVD-201003-454 // NVD: CVE-2010-0059

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0059
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-0059
value: MEDIUM

Trust: 0.8

ZDI: CVE-2010-0059
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201003-454
value: MEDIUM

Trust: 0.6

VULHUB: VHN-42664
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-0059
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2010-0059
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-42664
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-10-041 // VULHUB: VHN-42664 // JVNDB: JVNDB-2010-001243 // CNNVD: CNNVD-201003-454 // NVD: CVE-2010-0059

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-42664 // JVNDB: JVNDB-2010-001243 // NVD: CVE-2010-0059

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 87998 // CNNVD: CNNVD-201003-454

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201003-454

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001243

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-42664

PATCH

title: HT4077, url: http://support.apple.com/kb/HT4077

Trust: 1.5

title: HT4104, url: http://support.apple.com/kb/HT4104

Trust: 0.8

title: HT4077, url: http://support.apple.com/kb/HT4077?viewlocale=ja_JP

Trust: 0.8

title: HT4104, url: http://support.apple.com/kb/HT4104?viewlocale=ja_JP

Trust: 0.8

sources: ZDI: ZDI-10-041 // JVNDB: JVNDB-2010-001243

EXTERNAL IDS

db: NVD, id: CVE-2010-0059

Trust: 3.6

db: ZDI, id: ZDI-10-041

Trust: 2.2

db: JVNDB, id: JVNDB-2010-001243

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-546

Trust: 0.7

db: CNNVD, id: CNNVD-201003-454

Trust: 0.7

db: APPLE, id: APPLE-SA-2010-03-30-1

Trust: 0.6

db: APPLE, id: APPLE-SA-2010-03-29-1

Trust: 0.6

db: NSFOCUS, id: 14715

Trust: 0.6

db: BID, id: 39160

Trust: 0.4

db: PACKETSTORM, id: 87998

Trust: 0.2

db: VULHUB, id: VHN-42664

Trust: 0.1

sources: ZDI: ZDI-10-041 // VULHUB: VHN-42664 // BID: 39160 // JVNDB: JVNDB-2010-001243 // PACKETSTORM: 87998 // CNNVD: CNNVD-201003-454 // NVD: CVE-2010-0059

REFERENCES

url:http://support.apple.com/kb/ht4077

Trust: 2.5

url:http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2010//mar/msg00002.html

Trust: 1.7

url:http://www.zerodayinitiative.com/advisories/zdi-10-041

Trust: 1.2

url:http://www.securityfocus.com/archive/1/510517/100/0/threaded

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6922

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0059

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0059

Trust: 0.8

url:http://www.nsfocus.net/vulndb/14715

Trust: 0.6

url:http://www.apple.com/quicktime/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:/archive/1/510517

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-10-041/

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/disclosure_policy/

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://twitter.com/thezdi

Trust: 0.1

url:http://www.tippingpoint.com

Trust: 0.1

url:http://www.zerodayinitiative.com

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0059

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

sources: ZDI: ZDI-10-041 // VULHUB: VHN-42664 // BID: 39160 // JVNDB: JVNDB-2010-001243 // PACKETSTORM: 87998 // CNNVD: CNNVD-201003-454 // NVD: CVE-2010-0059

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-10-041

SOURCES

db: ZDI, id: ZDI-10-041
db: VULHUB, id: VHN-42664
db: BID, id: 39160
db: JVNDB, id: JVNDB-2010-001243
db: PACKETSTORM, id: 87998
db: CNNVD, id: CNNVD-201003-454
db: NVD, id: CVE-2010-0059

LAST UPDATE DATE

2025-04-11T20:05:47.894000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-10-041, date: 2010-04-02T00:00:00
db: VULHUB, id: VHN-42664, date: 2018-10-10T00:00:00
db: BID, id: 39160, date: 2010-04-02T20:32:00
db: JVNDB, id: JVNDB-2010-001243, date: 2010-04-13T00:00:00
db: CNNVD, id: CNNVD-201003-454, date: 2010-03-31T00:00:00
db: NVD, id: CVE-2010-0059, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: ZDI, id: ZDI-10-041, date: 2010-04-02T00:00:00
db: VULHUB, id: VHN-42664, date: 2010-03-30T00:00:00
db: BID, id: 39160, date: 2010-03-29T00:00:00
db: JVNDB, id: JVNDB-2010-001243, date: 2010-04-13T00:00:00
db: PACKETSTORM, id: 87998, date: 2010-04-03T01:43:24
db: CNNVD, id: CNNVD-201003-454, date: 2010-03-30T00:00:00
db: NVD, id: CVE-2010-0059, date: 2010-03-30T17:30:00.563