Details of VAR-201003-0192

ID

VAR-201003-0192

CVE

CVE-2010-0497

TITLE

Apple Mac OS X Disk image arbitrary code execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-001251

DESCRIPTION

Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type. User interaction is required to exploit this vulnerability in that the target must open a malicious file.The specific flaw exists in the handling of internet enabled disk image files. When a specially crafted Menu Extras plugin is included in the disk image, it is executed without further interaction allowing for arbitrary code execution under the context of the current user. Mac OS X and OS X Server 10.5.8, and 10.6.through 10.6.2 are vulnerable. NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it. -- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT4077 -- Disclosure Timeline: 2009-08-10 - Vulnerability reported to vendor 2010-04-02 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Brian Mastenbrook -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Trust: 2.7

sources: NVD: CVE-2010-0497 // JVNDB: JVNDB-2010-001251 // ZDI: ZDI-10-039 // BID: 39194 // VULHUB: VHN-43102 // PACKETSTORM: 87996

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.6	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.4	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.5	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.0	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.8	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.7	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.5	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.6.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.8	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.1	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	lte	version:	10.6.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.6 to v10.6.2	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.6 to v10.6.2	Trust: 0.8
vendor:	apple	model:	os x	scope:	-	version:	-	Trust: 0.7
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.6.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.6.3	Trust: 0.3

sources: ZDI: ZDI-10-039 // BID: 39194 // JVNDB: JVNDB-2010-001251 // CNNVD: CNNVD-201003-460 // NVD: CVE-2010-0497

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-0497
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-0497
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2010-0497
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-201003-460
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-43102
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-0497
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2010-0497
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
VULHUB:	VHN-43102
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: ZDI: ZDI-10-039 // VULHUB: VHN-43102 // JVNDB: JVNDB-2010-001251 // CNNVD: CNNVD-201003-460 // NVD: CVE-2010-0497

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-DesignError	Trust: 0.8

sources: JVNDB: JVNDB-2010-001251 // NVD: CVE-2010-0497

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 87996 // CNNVD: CNNVD-201003-460

TYPE

Design Error

Trust: 0.9

sources: BID: 39194 // CNNVD: CNNVD-201003-460

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001251

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-43102

PATCH

title:	HT4077	url:	http://support.apple.com/kb/HT4077	Trust: 1.5
title:	HT4077	url:	http://support.apple.com/kb/HT4077?viewlocale=ja_JP	Trust: 0.8

sources: ZDI: ZDI-10-039 // JVNDB: JVNDB-2010-001251

EXTERNAL IDS

db:	NVD	id:	CVE-2010-0497	Trust: 3.6
db:	ZDI	id:	ZDI-10-039	Trust: 1.1
db:	JVNDB	id:	JVNDB-2010-001251	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-537	Trust: 0.7
db:	CNNVD	id:	CNNVD-201003-460	Trust: 0.7
db:	NSFOCUS	id:	14715	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2010-03-29-1	Trust: 0.6
db:	BID	id:	39194	Trust: 0.4
db:	PACKETSTORM	id:	87996	Trust: 0.2
db:	VULHUB	id:	VHN-43102	Trust: 0.1

sources: ZDI: ZDI-10-039 // VULHUB: VHN-43102 // BID: 39194 // JVNDB: JVNDB-2010-001251 // PACKETSTORM: 87996 // CNNVD: CNNVD-201003-460 // NVD: CVE-2010-0497

REFERENCES

url:	http://support.apple.com/kb/ht4077	Trust: 2.5
url:	http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0497	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0497	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/14715	Trust: 0.6
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	/archive/1/510512	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-10-039/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/disclosure_policy/	Trust: 0.1
url:	http://www.zerodayinitiative.com/advisories/zdi-10-039	Trust: 0.1
url:	http://secunia.com/	Trust: 0.1
url:	http://twitter.com/thezdi	Trust: 0.1
url:	http://www.tippingpoint.com	Trust: 0.1
url:	http://www.zerodayinitiative.com	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0497	Trust: 0.1
url:	http://lists.grok.org.uk/full-disclosure-charter.html	Trust: 0.1

sources: ZDI: ZDI-10-039 // VULHUB: VHN-43102 // BID: 39194 // JVNDB: JVNDB-2010-001251 // PACKETSTORM: 87996 // CNNVD: CNNVD-201003-460 // NVD: CVE-2010-0497

CREDITS

Brian Mastenbrook

Trust: 0.7

sources: ZDI: ZDI-10-039

SOURCES

db:	ZDI	id:	ZDI-10-039
db:	VULHUB	id:	VHN-43102
db:	BID	id:	39194
db:	JVNDB	id:	JVNDB-2010-001251
db:	PACKETSTORM	id:	87996
db:	CNNVD	id:	CNNVD-201003-460
db:	NVD	id:	CVE-2010-0497

LAST UPDATE DATE

2025-04-11T20:20:11.534000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-10-039	date:	2010-04-02T00:00:00
db:	VULHUB	id:	VHN-43102	date:	2010-03-31T00:00:00
db:	BID	id:	39194	date:	2010-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2010-001251	date:	2010-04-14T00:00:00
db:	CNNVD	id:	CNNVD-201003-460	date:	2010-03-31T00:00:00
db:	NVD	id:	CVE-2010-0497	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-10-039	date:	2010-04-02T00:00:00
db:	VULHUB	id:	VHN-43102	date:	2010-03-30T00:00:00
db:	BID	id:	39194	date:	2010-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2010-001251	date:	2010-04-14T00:00:00
db:	PACKETSTORM	id:	87996	date:	2010-04-03T01:42:33
db:	CNNVD	id:	CNNVD-201003-460	date:	2010-03-30T00:00:00
db:	NVD	id:	CVE-2010-0497	date:	2010-03-30T18:30:00.517