Sign-up

ID

VAR-201011-0152


CVE

CVE-2010-3784


TITLE

Apple Mac OS X of Printing Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2010-002428

DESCRIPTION

The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls. Attackers can exploit this issue to crash the application using the vulnerable API, denying service to legitimate users. Due to the nature of this issue, arbitrary code-execution may be possible; this has not been confirmed. NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it. This issue affects Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X 10.6 to 10.6.4, and Mac OS X Server 10.6 to 10.6.4

Trust: 1.98

sources: NVD: CVE-2010-3784 // JVNDB: JVNDB-2010-002428 // BID: 44835 // VULHUB: VHN-46389

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.6.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.3

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6 to v10.6.4

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6 to v10.6.4

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.5

Trust: 0.3

sources: BID: 44835 // JVNDB: JVNDB-2010-002428 // CNNVD: CNNVD-201011-170 // NVD: CVE-2010-3784

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-3784
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-3784
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201011-170
value: MEDIUM

Trust: 0.6

VULHUB: VHN-46389
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-3784
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-46389
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-46389 // JVNDB: JVNDB-2010-002428 // CNNVD: CNNVD-201011-170 // NVD: CVE-2010-3784

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2010-002428 // NVD: CVE-2010-3784

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201011-170

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201011-170

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-002428

PATCH
title:HT4435url:http://support.apple.com/kb/HT4435
Trust: 0.8
title:HT4435url:http://support.apple.com/kb/HT4435?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-002428

EXTERNAL IDS
db:NVDid:CVE-2010-3784
Trust: 2.8
db:SECTRACKid:1024723
Trust: 1.1
db:JVNDBid:JVNDB-2010-002428
Trust: 0.8
db:CNNVDid:CNNVD-201011-170
Trust: 0.7
db:APPLEid:APPLE-SA-2010-11-10-1
Trust: 0.6
db:BIDid:44835
Trust: 0.4
db:VULHUBid:VHN-46389
Trust: 0.1
sources:
            
            
            VULHUB: VHN-46389 // 
            
            
            
            BID: 44835 // 
            
            
            
            JVNDB: JVNDB-2010-002428 // 
            
            
            
            CNNVD: CNNVD-201011-170 // 
            
            
            
            NVD: CVE-2010-3784

REFERENCES
url:http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html
Trust: 1.7
url:http://support.apple.com/kb/ht4435
Trust: 1.7
url:http://www.securitytracker.com/id?1024723
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3784
Trust: 0.8
url:http://jvn.jp/cert/jvnvu331391
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3784
Trust: 0.8
url:http://www.apple.com/macosx/
Trust: 0.3
url:http://www.securityfocus.com/advisories/20899
Trust: 0.3
sources:
            
            
            VULHUB: VHN-46389 // 
            
            
            
            BID: 44835 // 
            
            
            
            JVNDB: JVNDB-2010-002428 // 
            
            
            
            CNNVD: CNNVD-201011-170 // 
            
            
            
            NVD: CVE-2010-3784

CREDITS
Wujun Li of Microsoft.
Trust: 0.9
sources:
            
            
            BID: 44835 // 
            
            
            
            CNNVD: CNNVD-201011-170

SOURCES
db:VULHUBid:VHN-46389
db:BIDid:44835
db:JVNDBid:JVNDB-2010-002428
db:CNNVDid:CNNVD-201011-170
db:NVDid:CVE-2010-3784

LAST UPDATE DATE
2025-04-11T22:03:56.320000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-46389date:2010-12-10T00:00:00
db:BIDid:44835date:2010-11-12T18:37:00
db:JVNDBid:JVNDB-2010-002428date:2010-12-01T00:00:00
db:CNNVDid:CNNVD-201011-170date:2010-11-18T00:00:00
db:NVDid:CVE-2010-3784date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-46389date:2010-11-16T00:00:00
db:BIDid:44835date:2010-11-10T00:00:00
db:JVNDBid:JVNDB-2010-002428date:2010-12-01T00:00:00
db:CNNVDid:CNNVD-201011-170date:2010-11-18T00:00:00
db:NVDid:CVE-2010-3784date:2010-11-16T22:00:15.993