ID

VAR-201011-0152


CVE

CVE-2010-3784


TITLE

Apple Mac OS X of Printing Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2010-002428

DESCRIPTION

The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls. Attackers can exploit this issue to crash the application using the vulnerable API, denying service to legitimate users. Due to the nature of this issue, arbitrary code-execution may be possible; this has not been confirmed. NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it. This issue affects Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X 10.6 to 10.6.4, and Mac OS X Server 10.6 to 10.6.4

Trust: 1.98

sources: NVD: CVE-2010-3784 // JVNDB: JVNDB-2010-002428 // BID: 44835 // VULHUB: VHN-46389

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.6.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.3

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6 to v10.6.4

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6 to v10.6.4

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.5

Trust: 0.3

sources: BID: 44835 // JVNDB: JVNDB-2010-002428 // CNNVD: CNNVD-201011-170 // NVD: CVE-2010-3784

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-3784
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-3784
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201011-170
value: MEDIUM

Trust: 0.6

VULHUB: VHN-46389
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-3784
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-46389
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-46389 // JVNDB: JVNDB-2010-002428 // CNNVD: CNNVD-201011-170 // NVD: CVE-2010-3784

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2010-002428 // NVD: CVE-2010-3784

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201011-170

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201011-170

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002428

PATCH

title:HT4435url:http://support.apple.com/kb/HT4435

Trust: 0.8

title:HT4435url:http://support.apple.com/kb/HT4435?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2010-002428

EXTERNAL IDS

db:NVDid:CVE-2010-3784

Trust: 2.8

db:SECTRACKid:1024723

Trust: 1.1

db:JVNDBid:JVNDB-2010-002428

Trust: 0.8

db:CNNVDid:CNNVD-201011-170

Trust: 0.7

db:APPLEid:APPLE-SA-2010-11-10-1

Trust: 0.6

db:BIDid:44835

Trust: 0.4

db:VULHUBid:VHN-46389

Trust: 0.1

sources: VULHUB: VHN-46389 // BID: 44835 // JVNDB: JVNDB-2010-002428 // CNNVD: CNNVD-201011-170 // NVD: CVE-2010-3784

REFERENCES

url:http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html

Trust: 1.7

url:http://support.apple.com/kb/ht4435

Trust: 1.7

url:http://www.securitytracker.com/id?1024723

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3784

Trust: 0.8

url:http://jvn.jp/cert/jvnvu331391

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3784

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://www.securityfocus.com/advisories/20899

Trust: 0.3

sources: VULHUB: VHN-46389 // BID: 44835 // JVNDB: JVNDB-2010-002428 // CNNVD: CNNVD-201011-170 // NVD: CVE-2010-3784

CREDITS

Wujun Li of Microsoft.

Trust: 0.9

sources: BID: 44835 // CNNVD: CNNVD-201011-170

SOURCES

db:VULHUBid:VHN-46389
db:BIDid:44835
db:JVNDBid:JVNDB-2010-002428
db:CNNVDid:CNNVD-201011-170
db:NVDid:CVE-2010-3784

LAST UPDATE DATE

2025-04-11T22:03:56.320000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-46389date:2010-12-10T00:00:00
db:BIDid:44835date:2010-11-12T18:37:00
db:JVNDBid:JVNDB-2010-002428date:2010-12-01T00:00:00
db:CNNVDid:CNNVD-201011-170date:2010-11-18T00:00:00
db:NVDid:CVE-2010-3784date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:VULHUBid:VHN-46389date:2010-11-16T00:00:00
db:BIDid:44835date:2010-11-10T00:00:00
db:JVNDBid:JVNDB-2010-002428date:2010-12-01T00:00:00
db:CNNVDid:CNNVD-201011-170date:2010-11-18T00:00:00
db:NVDid:CVE-2010-3784date:2010-11-16T22:00:15.993