Sign-up

ID

VAR-201006-0054


CVE

CVE-2010-0543


TITLE

Apple Mac OS X of ImageIO Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2010-001652

DESCRIPTION

ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2 encoding. Attackers can exploit this issue to execute arbitrary code; failed attacks will result in a denial-of-service condition. This issue affects Mac OS X 10.5.8 and Mac OS X Server 10.5.8. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2010-004. The update addresses new vulnerabilities that affect the CUPS, DesktopServices, Folder Manager, Help Viewer, iChat, ImageIO, Network Authorization, Open Directory, Printer Setup, Printing, Ruby, SMB File Server, and Wiki Server components of Mac OS X. The advisory also contains security updates for 13 previously reported issues. This BID is being retired. The following individual records exist to better document the issues: 40886 Apple Mac OS X Help Viewer 'help://' URI Cross Site Scripting Vulnerability 40887 Apple Mac OS X Folder Manager Symbolic Link Handling Security Bypass Vulnerability 40888 Apple Mac OS X Prior to 10.6.4 Printer Setup (CVE-2010-1379) Remote Denial Of Service Vulnerability 40889 Apple Mac OS X CUPS Web Interface Unspecified Cross Site Request Forgery Vulnerability 40892 Apple Mac OS X Wiki Server Comment HTML Injection Vulnerability 40893 Apple Mac OS X Samba Wide Links Symbolic Link Handling Security Bypass Vulnerability 40894 Apple Mac OS X Prior to 10.6.4 ImageIO (CVE-2010-0543) Remote Code Execution Vulnerability 40895 Ruby WEBrick UTF-7 Encoding Cross Site Scripting Vulnerability 40896 Apple Mac OS X iChat Inline Image Transfer Directory Traversal Vulnerability 40897 Apple Mac OS X CUPS Web Interface Unspecified Information Disclosure Vulnerability 40898 Apple Mac OS X DesktopServices Component Insecure File Permissions Vulnerability 40901 Apple Mac OS X Network Authorization Local Privilege Escalation Vulnerability 40902 Apple Mac OS X Network Authorization URI Handler Remote Format String Vulnerability 40903 Apple Mac OS X Prior to 10.6.4 Printing (CVE-2010-1380) Integer Overflow Vulnerability 40905 Apple Mac OS X Prior to 10.6.4 Open Directory (CVE-2010-1377) Security Bypass Vulnerability

Trust: 2.25

sources: NVD: CVE-2010-0543 // JVNDB: JVNDB-2010-001652 // BID: 40894 // BID: 40871 // VULHUB: VHN-43148

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.6.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.0

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:ltversion:v10.6.2

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.5.8

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.6

vendor:applemodel:mac os serverscope:neversion:x10.6.4

Trust: 0.6

vendor:applemodel:mac osscope:neversion:x10.6.4

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

sources: BID: 40894 // BID: 40871 // JVNDB: JVNDB-2010-001652 // CNNVD: CNNVD-201006-282 // NVD: CVE-2010-0543

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0543
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-0543
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201006-282
value: MEDIUM

Trust: 0.6

VULHUB: VHN-43148
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-0543
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-43148
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-43148 // JVNDB: JVNDB-2010-001652 // CNNVD: CNNVD-201006-282 // NVD: CVE-2010-0543

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-43148 // JVNDB: JVNDB-2010-001652 // NVD: CVE-2010-0543

THREAT TYPE

network

Trust: 0.6

sources: BID: 40894 // BID: 40871

TYPE

Unknown

Trust: 0.6

sources: BID: 40894 // BID: 40871

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001652

PATCH
title:HT4188url:http://support.apple.com/kb/HT4188
Trust: 0.8
title:HT4188url:http://support.apple.com/kb/HT4188?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-001652

EXTERNAL IDS
db:NVDid:CVE-2010-0543
Trust: 2.8
db:VUPENid:ADV-2010-1481
Trust: 2.5
db:SECUNIAid:40220
Trust: 2.5
db:SECTRACKid:1024103
Trust: 2.5
db:BIDid:40871
Trust: 2.0
db:JVNDBid:JVNDB-2010-001652
Trust: 0.8
db:CNNVDid:CNNVD-201006-282
Trust: 0.7
db:APPLEid:APPLE-SA-2010-06-15-1
Trust: 0.6
db:BIDid:40894
Trust: 0.4
db:VULHUBid:VHN-43148
Trust: 0.1
sources:
            
            
            VULHUB: VHN-43148 // 
            
            
            
            BID: 40894 // 
            
            
            
            BID: 40871 // 
            
            
            
            JVNDB: JVNDB-2010-001652 // 
            
            
            
            CNNVD: CNNVD-201006-282 // 
            
            
            
            NVD: CVE-2010-0543

REFERENCES
url:http://securitytracker.com/id?1024103
Trust: 2.5
url:http://secunia.com/advisories/40220
Trust: 2.5
url:http://www.vupen.com/english/advisories/2010/1481
Trust: 2.5
url:http://lists.apple.com/archives/security-announce/2010//jun/msg00001.html
Trust: 1.7
url:http://www.securityfocus.com/bid/40871
Trust: 1.7
url:http://support.apple.com/kb/ht4188
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0543
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0543
Trust: 0.8
url:http://www.apple.com/macosx/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-43148 // 
            
            
            
            BID: 40894 // 
            
            
            
            BID: 40871 // 
            
            
            
            JVNDB: JVNDB-2010-001652 // 
            
            
            
            CNNVD: CNNVD-201006-282 // 
            
            
            
            NVD: CVE-2010-0543

CREDITS
Apple; Adrian 'pagvac' Pastor of GNUCITIZEN, and Tim Starling; Tim Waugh; Luca Carettoni; Michi Ruepp of pianobakery.com; Clint Ruoho of Laconic Security; Kevin Finisterre of digitalmunition.com; MIT Kerberos Team; Joel Johnson, Debian, Brian Almeida; Emm
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201006-282

SOURCES
db:VULHUBid:VHN-43148
db:BIDid:40894
db:BIDid:40871
db:JVNDBid:JVNDB-2010-001652
db:CNNVDid:CNNVD-201006-282
db:NVDid:CVE-2010-0543

LAST UPDATE DATE
2025-04-11T21:54:31.423000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-43148date:2010-06-17T00:00:00
db:BIDid:40894date:2010-06-15T00:00:00
db:BIDid:40871date:2010-06-16T21:59:00
db:JVNDBid:JVNDB-2010-001652date:2010-07-09T00:00:00
db:CNNVDid:CNNVD-201006-282date:2010-06-21T00:00:00
db:NVDid:CVE-2010-0543date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-43148date:2010-06-17T00:00:00
db:BIDid:40894date:2010-06-15T00:00:00
db:BIDid:40871date:2010-06-15T00:00:00
db:JVNDBid:JVNDB-2010-001652date:2010-07-09T00:00:00
db:CNNVDid:CNNVD-201006-282date:2010-06-18T00:00:00
db:NVDid:CVE-2010-0543date:2010-06-17T16:30:01.403