Sign-up

ID

VAR-201003-0221


CVE

CVE-2010-0516


TITLE

Apple Mac OS X of QuickTime Heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-001272

DESCRIPTION

Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed data exceeds that of the allocated heap chunk. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists during the parsing of samples from a malformed .mov file utilizing the RLE codec. While decoding RLE data, the application will fail to validate the size when decompressing the data into a heap chunk. If the length is larger than the size of the chunk allocated, then a memory corruption will occur which can lead to code execution under the context of the currently logged in user. Apple QuickTime is prone to a heap-based buffer-overflow vulnerability because it fails to sufficiently validate user-supplied data when viewing RLE-encoded movie files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. The following are vulnerable: Mac OS X 10.6 prior to 10.6.3 Mac OS X Server 10.6 prior to 10.6.3 QuickTime 7 prior to 7.6.6 on Mac OS X 10.5.8 and Microsoft Windows XP, Vista, and 7. NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it. -- Vendor Response: -- Disclosure Timeline: 2009-08-10 - Vulnerability reported to vendor 2010-04-02 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Trust: 2.7

sources: NVD: CVE-2010-0516 // JVNDB: JVNDB-2010-001272 // ZDI: ZDI-10-040 // BID: 39165 // VULHUB: VHN-43121 // PACKETSTORM: 87997

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.6.2

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.0

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6 to v10.6.2

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6 to v10.6.2

Trust: 0.8

vendor:applemodel:quicktimescope:ltversion:7.6.6

Trust: 0.8

vendor:applemodel:quicktimescope: - version: -

Trust: 0.7

vendor:applemodel:quicktime playerscope:eqversion:7.6.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:quicktime playerscope:neversion:7.6.6

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.6.3

Trust: 0.3

sources: ZDI: ZDI-10-040 // BID: 39165 // JVNDB: JVNDB-2010-001272 // CNNVD: CNNVD-201003-478 // NVD: CVE-2010-0516

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0516
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-0516
value: MEDIUM

Trust: 0.8

ZDI: CVE-2010-0516
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201003-478
value: MEDIUM

Trust: 0.6

VULHUB: VHN-43121
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-0516
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2010-0516
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-43121
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-10-040 // VULHUB: VHN-43121 // JVNDB: JVNDB-2010-001272 // CNNVD: CNNVD-201003-478 // NVD: CVE-2010-0516

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-43121 // JVNDB: JVNDB-2010-001272 // NVD: CVE-2010-0516

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 87997 // CNNVD: CNNVD-201003-478

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201003-478

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001272

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-43121

PATCH
title:HT4077url:http://support.apple.com/kb/HT4077
Trust: 0.8
title:HT4104url:http://support.apple.com/kb/HT4104
Trust: 0.8
title:HT4077url:http://support.apple.com/kb/HT4077?viewlocale=ja_JP
Trust: 0.8
title:HT4104url:http://support.apple.com/kb/HT4104?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-001272

EXTERNAL IDS
db:NVDid:CVE-2010-0516
Trust: 3.6
db:ZDIid:ZDI-10-040
Trust: 2.2
db:JVNDBid:JVNDB-2010-001272
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-545
Trust: 0.7
db:CNNVDid:CNNVD-201003-478
Trust: 0.7
db:APPLEid:APPLE-SA-2010-03-30-1
Trust: 0.6
db:APPLEid:APPLE-SA-2010-03-29-1
Trust: 0.6
db:NSFOCUSid:14715
Trust: 0.6
db:BIDid:39165
Trust: 0.4
db:PACKETSTORMid:87997
Trust: 0.2
db:VULHUBid:VHN-43121
Trust: 0.1
sources:
            
            
            ZDI: ZDI-10-040 // 
            
            
            
            VULHUB: VHN-43121 // 
            
            
            
            BID: 39165 // 
            
            
            
            JVNDB: JVNDB-2010-001272 // 
            
            
            
            PACKETSTORM: 87997 // 
            
            
            
            CNNVD: CNNVD-201003-478 // 
            
            
            
            NVD: CVE-2010-0516

REFERENCES
url:http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html
Trust: 1.7
url:http://lists.apple.com/archives/security-announce/2010//mar/msg00002.html
Trust: 1.7
url:http://support.apple.com/kb/ht4077
Trust: 1.7
url:http://www.zerodayinitiative.com/advisories/zdi-10-040
Trust: 1.2
url:http://www.securityfocus.com/archive/1/510513/100/0/threaded
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7062
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0516
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0516
Trust: 0.8
url:http://www.nsfocus.net/vulndb/14715
Trust: 0.6
url:http://www.apple.com/quicktime/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:/archive/1/510513
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-10-040/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/disclosure_policy/
Trust: 0.1
url:http://secunia.com/
Trust: 0.1
url:http://twitter.com/thezdi
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0516
Trust: 0.1
url:http://www.tippingpoint.com
Trust: 0.1
url:http://www.zerodayinitiative.com
Trust: 0.1
url:http://lists.grok.org.uk/full-disclosure-charter.html
Trust: 0.1
sources:
            
            
            VULHUB: VHN-43121 // 
            
            
            
            BID: 39165 // 
            
            
            
            JVNDB: JVNDB-2010-001272 // 
            
            
            
            PACKETSTORM: 87997 // 
            
            
            
            CNNVD: CNNVD-201003-478 // 
            
            
            
            NVD: CVE-2010-0516

CREDITS
Anonymous
Trust: 0.7
sources:
            
            
            ZDI: ZDI-10-040

SOURCES
db:ZDIid:ZDI-10-040
db:VULHUBid:VHN-43121
db:BIDid:39165
db:JVNDBid:JVNDB-2010-001272
db:PACKETSTORMid:87997
db:CNNVDid:CNNVD-201003-478
db:NVDid:CVE-2010-0516

LAST UPDATE DATE
2025-04-11T21:49:11.900000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-10-040date:2010-04-02T00:00:00
db:VULHUBid:VHN-43121date:2018-10-10T00:00:00
db:BIDid:39165date:2010-04-02T18:22:00
db:JVNDBid:JVNDB-2010-001272date:2010-04-15T00:00:00
db:CNNVDid:CNNVD-201003-478date:2010-03-31T00:00:00
db:NVDid:CVE-2010-0516date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:ZDIid:ZDI-10-040date:2010-04-02T00:00:00
db:VULHUBid:VHN-43121date:2010-03-30T00:00:00
db:BIDid:39165date:2010-03-29T00:00:00
db:JVNDBid:JVNDB-2010-001272date:2010-04-15T00:00:00
db:PACKETSTORMid:87997date:2010-04-03T01:43:10
db:CNNVDid:CNNVD-201003-478date:2010-03-30T00:00:00
db:NVDid:CVE-2010-0516date:2010-03-30T18:30:01.063