Sign-up

ID

VAR-201003-0140


CVE

CVE-2010-0060


TITLE

Apple Mac OS X of CoreAudio Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2010-001244

DESCRIPTION

CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists in the QuickTimeAudioSupport.qtx library when parsing malformed QDMC and QDM2 codec atoms. By modifying specific values within the stream an attacker can cause heap corruption which can lead to arbitrary code execution under the context of the currently logged in user. Apple QuickTime is prone to a memory-corruption vulnerability when decoding QDMC and QDMC2 encoded atoms. Failed exploit attempts will likely result in a denial-of-service condition. NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it. Mac OS X is the operating system used by the Apple family of machines. A buffer overflow vulnerability exists in CoreAudio for Apple Mac OS. -- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT4077 -- Disclosure Timeline: 2009-09-22 - Vulnerability reported to vendor 2010-04-02 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Trust: 2.7

sources: NVD: CVE-2010-0060 // JVNDB: JVNDB-2010-001244 // ZDI: ZDI-10-038 // BID: 39164 // VULHUB: VHN-42665 // PACKETSTORM: 87995

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.6.2

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.0

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6 to v10.6.2

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6 to v10.6.2

Trust: 0.8

vendor:applemodel:quicktimescope:ltversion:7.6.6

Trust: 0.8

vendor:applemodel:quicktimescope: - version: -

Trust: 0.7

vendor:applemodel:quicktime playerscope:eqversion:7.6.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:quicktime playerscope:neversion:7.6.6

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.6.3

Trust: 0.3

sources: ZDI: ZDI-10-038 // BID: 39164 // JVNDB: JVNDB-2010-001244 // CNNVD: CNNVD-201003-455 // NVD: CVE-2010-0060

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0060
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-0060
value: MEDIUM

Trust: 0.8

ZDI: CVE-2010-0060
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201003-455
value: MEDIUM

Trust: 0.6

VULHUB: VHN-42665
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-0060
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2010-0060
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-42665
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-10-038 // VULHUB: VHN-42665 // JVNDB: JVNDB-2010-001244 // CNNVD: CNNVD-201003-455 // NVD: CVE-2010-0060

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-42665 // JVNDB: JVNDB-2010-001244 // NVD: CVE-2010-0060

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 87995 // CNNVD: CNNVD-201003-455

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201003-455

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001244

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-42665

PATCH
title:HT4077url:http://support.apple.com/kb/HT4077
Trust: 1.5
title:HT4104url:http://support.apple.com/kb/HT4104
Trust: 0.8
title:HT4077url:http://support.apple.com/kb/HT4077?viewlocale=ja_JP
Trust: 0.8
title:HT4104url:http://support.apple.com/kb/HT4104?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            ZDI: ZDI-10-038 // 
            
            
            
            JVNDB: JVNDB-2010-001244

EXTERNAL IDS
db:NVDid:CVE-2010-0060
Trust: 3.6
db:ZDIid:ZDI-10-038
Trust: 1.1
db:JVNDBid:JVNDB-2010-001244
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-534
Trust: 0.7
db:CNNVDid:CNNVD-201003-455
Trust: 0.7
db:APPLEid:APPLE-SA-2010-03-30-1
Trust: 0.6
db:APPLEid:APPLE-SA-2010-03-29-1
Trust: 0.6
db:NSFOCUSid:14715
Trust: 0.6
db:BIDid:39164
Trust: 0.4
db:PACKETSTORMid:87995
Trust: 0.2
db:VULHUBid:VHN-42665
Trust: 0.1
sources:
            
            
            ZDI: ZDI-10-038 // 
            
            
            
            VULHUB: VHN-42665 // 
            
            
            
            BID: 39164 // 
            
            
            
            JVNDB: JVNDB-2010-001244 // 
            
            
            
            PACKETSTORM: 87995 // 
            
            
            
            CNNVD: CNNVD-201003-455 // 
            
            
            
            NVD: CVE-2010-0060

REFERENCES
url:http://support.apple.com/kb/ht4077
Trust: 2.5
url:http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html
Trust: 1.7
url:http://lists.apple.com/archives/security-announce/2010//mar/msg00002.html
Trust: 1.7
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7513
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0060
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0060
Trust: 0.8
url:http://www.nsfocus.net/vulndb/14715
Trust: 0.6
url:http://www.apple.com/quicktime/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:/archive/1/510505
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-10-038/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/disclosure_policy/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0060
Trust: 0.1
url:http://secunia.com/
Trust: 0.1
url:http://twitter.com/thezdi
Trust: 0.1
url:http://www.zerodayinitiative.com/advisories/zdi-10-038
Trust: 0.1
url:http://www.tippingpoint.com
Trust: 0.1
url:http://www.zerodayinitiative.com
Trust: 0.1
url:http://lists.grok.org.uk/full-disclosure-charter.html
Trust: 0.1
sources:
            
            
            ZDI: ZDI-10-038 // 
            
            
            
            VULHUB: VHN-42665 // 
            
            
            
            BID: 39164 // 
            
            
            
            JVNDB: JVNDB-2010-001244 // 
            
            
            
            PACKETSTORM: 87995 // 
            
            
            
            CNNVD: CNNVD-201003-455 // 
            
            
            
            NVD: CVE-2010-0060

CREDITS
Anonymous
Trust: 0.7
sources:
            
            
            ZDI: ZDI-10-038

SOURCES
db:ZDIid:ZDI-10-038
db:VULHUBid:VHN-42665
db:BIDid:39164
db:JVNDBid:JVNDB-2010-001244
db:PACKETSTORMid:87995
db:CNNVDid:CNNVD-201003-455
db:NVDid:CVE-2010-0060

LAST UPDATE DATE
2025-04-11T22:03:10.335000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-10-038date:2010-04-02T00:00:00
db:VULHUBid:VHN-42665date:2017-09-19T00:00:00
db:BIDid:39164date:2010-04-01T00:00:00
db:JVNDBid:JVNDB-2010-001244date:2010-04-13T00:00:00
db:CNNVDid:CNNVD-201003-455date:2010-03-31T00:00:00
db:NVDid:CVE-2010-0060date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:ZDIid:ZDI-10-038date:2010-04-02T00:00:00
db:VULHUBid:VHN-42665date:2010-03-30T00:00:00
db:BIDid:39164date:2010-04-01T00:00:00
db:JVNDBid:JVNDB-2010-001244date:2010-04-13T00:00:00
db:PACKETSTORMid:87995date:2010-04-03T01:42:13
db:CNNVDid:CNNVD-201003-455date:2010-03-30T00:00:00
db:NVDid:CVE-2010-0060date:2010-03-30T18:30:00.360