ID

VAR-201011-0020


CVE

CVE-2010-4010


TITLE

Integer sign error vulnerability in Apple Type Services of Apple Mac OS X

Trust: 0.8

sources: JVNDB: JVNDB-2010-002466

DESCRIPTION

Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document.

Apple Mac OS X is prone to a remote code-execution vulnerability that exists in the ATSServer component. An attacker can exploit this issue by enticing an unsuspecting victim to do one of the following:

1. Create a thumbnail of an image file.
2. Open an image using the Preview application.
3. View a file that is hosted on a webserver.
4. View an embedded file contained in an email.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue only affects Apple Mac OS X 10.5.

NOTE: This issue may be related to a vulnerability discussed in BID 42241 (FreeType Compact Font Format (CFF) Multiple Stack Based Buffer Overflow Vulnerabilities).

Trust: 2.25

sources: NVD: CVE-2010-4010 // JVNDB: JVNDB-2010-002466 // BID: 44729 // BID: 44984 // VULHUB: VHN-46615

AFFECTED PRODUCTS

vendor: apple | model: mac os x | scope: eq | version: 10.5.8

Trust: 1.6

vendor: apple | model: mac os x server | scope: eq | version: 10.5.8

Trust: 1.6

vendor: apple | model: mac os x | scope: eq | version: v10.5.8

Trust: 0.8

vendor: apple | model: mac os x server | scope: eq | version: v10.5.8

Trust: 0.8

vendor: apple | model: mac os | scope: eq | version: x10.5.6

Trust: 0.6

vendor: apple | model: mac os | scope: eq | version: x10.5.3

Trust: 0.6

vendor: apple | model: mac os server | scope: eq | version: x10.5.6

Trust: 0.6

vendor: apple | model: mac os server | scope: eq | version: x10.5.3

Trust: 0.6

vendor: apple | model: mac os | scope: eq | version: x10.5.8

Trust: 0.6

vendor: apple | model: mac os | scope: eq | version: x10.5

Trust: 0.6

vendor: apple | model: mac os | scope: eq | version: x10.5.5

Trust: 0.6

vendor: apple | model: mac os server | scope: eq | version: x10.5.8

Trust: 0.6

vendor: apple | model: mac os server | scope: eq | version: x10.5.5

Trust: 0.6

vendor: apple | model: mac os server | scope: eq | version: x10.5

Trust: 0.6

vendor: apple | model: mac os | scope: eq | version: x10.5.4

Trust: 0.6

vendor: apple | model: mac os | scope: eq | version: x10.5.7

Trust: 0.6

vendor: apple | model: mac os server | scope: eq | version: x10.5.4

Trust: 0.6

vendor: apple | model: mac os | scope: eq | version: x10.5.2

Trust: 0.6

vendor: apple | model: mac os | scope: eq | version: x10.5.1

Trust: 0.6

vendor: apple | model: mac os server | scope: eq | version: x10.5.7

Trust: 0.6

vendor: apple | model: mac os server | scope: eq | version: x10.5.2

Trust: 0.6

vendor: apple | model: mac os server | scope: eq | version: x10.5.1

Trust: 0.6

vendor: apple | model: mac os | scope: ne | version: x10.6

Trust: 0.3

vendor: apple | model: mac os server | scope: ne | version: x10.6

Trust: 0.3

sources: BID: 44729 // BID: 44984 // JVNDB: JVNDB-2010-002466 // CNNVD: CNNVD-201011-185 // NVD: CVE-2010-4010

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-4010
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-4010
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201011-185
value: MEDIUM

Trust: 0.6

VULHUB: VHN-46615
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-4010
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-46615
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-46615 // JVNDB: JVNDB-2010-002466 // CNNVD: CNNVD-201011-185 // NVD: CVE-2010-4010

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-46615 // JVNDB: JVNDB-2010-002466 // NVD: CVE-2010-4010

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201011-185

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201011-185

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002466

PATCH

title: HT4435 | url: http://support.apple.com/kb/HT4435

Trust: 0.8

title: HT4435 | url: http://support.apple.com/kb/HT4435?viewlocale=ja_JP

Trust: 0.8

title: MacOSXUpdCombo10.6.5 | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35034

Trust: 0.6

title: MacOSXUpd10.6.5 | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35033

Trust: 0.6

sources: JVNDB: JVNDB-2010-002466 // CNNVD: CNNVD-201011-185

EXTERNAL IDS

db: NVD | id: CVE-2010-4010

Trust: 3.1

db: XF | id: 63170

Trust: 1.4

db: JVNDB | id: JVNDB-2010-002466

Trust: 0.8

db: CNNVD | id: CNNVD-201011-185

Trust: 0.7

db: APPLE | id: APPLE-SA-2010-11-10-1

Trust: 0.6

db: BID | id: 44729

Trust: 0.4

db: BID | id: 44984

Trust: 0.4

db: VULHUB | id: VHN-46615

Trust: 0.1

sources: VULHUB: VHN-46615 // BID: 44729 // BID: 44984 // JVNDB: JVNDB-2010-002466 // CNNVD: CNNVD-201011-185 // NVD: CVE-2010-4010

REFERENCES

url:http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html

Trust: 1.7

url:http://support.apple.com/kb/ht4435

Trust: 1.7

url:http://xforce.iss.net/xforce/xfdb/63170

Trust: 1.4

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/63170

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4010

Trust: 0.8

url:http://jvn.jp/cert/jvnvu331391

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4010

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.6

url:http://www.coresecurity.com/content/apple-osx-atsserver-charstrings-sign-mismatch

Trust: 0.3

sources: VULHUB: VHN-46615 // BID: 44729 // BID: 44984 // JVNDB: JVNDB-2010-002466 // CNNVD: CNNVD-201011-185 // NVD: CVE-2010-4010

CREDITS

Anibal Sacco and Matias Eissler of Core Security Technologies.

Trust: 0.3

sources: BID: 44729

SOURCES

db: VULHUB | id: VHN-46615
db: BID | id: 44729
db: BID | id: 44984
db: JVNDB | id: JVNDB-2010-002466
db: CNNVD | id: CNNVD-201011-185
db: NVD | id: CVE-2010-4010

LAST UPDATE DATE

2025-04-11T22:25:50.535000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-46615 | date: 2017-08-17T00:00:00
db: BID | id: 44729 | date: 2010-11-19T20:06:00
db: BID | id: 44984 | date: 2010-11-19T18:36:00
db: JVNDB | id: JVNDB-2010-002466 | date: 2010-12-09T00:00:00
db: CNNVD | id: CNNVD-201011-185 | date: 2010-11-18T00:00:00
db: NVD | id: CVE-2010-4010 | date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB | id: VHN-46615 | date: 2010-11-16T00:00:00
db: BID | id: 44729 | date: 2010-11-08T00:00:00
db: BID | id: 44984 | date: 2010-11-12T00:00:00
db: JVNDB | id: JVNDB-2010-002466 | date: 2010-12-09T00:00:00
db: CNNVD | id: CNNVD-201011-185 | date: 2010-11-18T00:00:00
db: NVD | id: CVE-2010-4010 | date: 2010-11-16T23:18:55.370