Details of VAR-201011-0153

ID

VAR-201011-0153

CVE

CVE-2010-3785

TITLE

Apple Mac OS X of QuickLook Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2010-002429

DESCRIPTION

Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document. Apple Mac OS X is prone to a buffer-overflow vulnerability that affects the QuickLook feature. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. This issue affects Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X 10.6 to 10.6.4 and Mac OS X Server 10.6 to 10.6.4. NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it. CVE-ID CVE-2010-3786 : Tobias Klein, working with VeriSign iDefense Labs Numbers for iOS v1.5 is available for download via the App Store. To check the current version of software, select "Settings -> Numbers -> Version". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-20-2 iWork 9.1 Update iWork 9.1 Update is now available and addresses the following: Numbers Available for: iWork 9.0 through 9.0.5 Impact: Opening a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Excel files. Opening a maliciously crafted Excel file in Numbers may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2010-3785 : Apple Numbers Available for: iWork 9.0 through 9.0.5 Impact: Opening a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of Excel files. Opening a maliciously crafted Excel file in Numbers may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2010-3786 : Tobias Klein, working with VeriSign iDefense Labs Pages Available for: iWork 9.0 through 9.0.5 Impact: Opening a maliciously crafted Microsoft Word document may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of Microsoft Word documents. Opening a maliciously crafted Microsoft Word document in Pages may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-1417 : Charlie Miller and Dion Blazakis working with TippingPoint's Zero Day Initiative iWork 9.1 Update is available via the Apple Software Update application, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The download file is named: iWork9.1Update.dmg Its SHA-1 digest is: ecb38db74d7d1954cbcee9220c73dac85cace3e1 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJOKcGrAAoJEGnF2JsdZQeewcYH/RhHdLa6x14PX+ZTC+sm1Mjc W1xBpOxMuBpAx3Li6INXXLvMablTgPIs5e3pbtsV0RYtsJy99JdPySPI8bpQu0Si CVWuXXSBYy2gdTtRAf6MI3j+oOyM1JhE7GunLBWcmAzv5TxS8TRf0HtNErFEe8NA StV8QBWLErNyHxqjUQsIb5d1KbIbOysFQZy3O6pyZ6SRwr8tlIPKnY4KsaDYS5Ry tpv3lMysde5NqCy8BeOQEtW/WAmE7i9NCCNfU2L+OfGQOXIdXmKl7Orjj+d9l23L umGo9GCACvBVO1Ot6jKDlCW+ZuDRGuz+fhQnwOdyoqtwUwiNCsS6VIwuYYrcmxw= =wrny -----END PGP SIGNATURE-----

Trust: 2.25

sources: NVD: CVE-2010-3785 // JVNDB: JVNDB-2010-002429 // BID: 44812 // VULHUB: VHN-46390 // VULMON: CVE-2010-3785 // PACKETSTORM: 105743 // PACKETSTORM: 103386

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.8	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.4	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.8	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.0	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.6 to v10.6.4	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.6 to v10.6.4	Trust: 0.8
vendor:	apple	model:	iwork	scope:	eq	version:	9.0 to 9.0.5	Trust: 0.8
vendor:	apple	model:	numbers for ios	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	apple	model:	iwork	scope:	eq	version:	9.0.5	Trust: 0.3
vendor:	apple	model:	iwork	scope:	eq	version:	9.0.4	Trust: 0.3
vendor:	apple	model:	iwork	scope:	eq	version:	9.0.3	Trust: 0.3
vendor:	apple	model:	iwork	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	iwork	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	iwork	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	numbers for ios	scope:	ne	version:	1.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.6.5	Trust: 0.3
vendor:	apple	model:	iwork	scope:	ne	version:	9.1	Trust: 0.3

sources: BID: 44812 // JVNDB: JVNDB-2010-002429 // CNNVD: CNNVD-201011-171 // NVD: CVE-2010-3785

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-3785
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-3785
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201011-171
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-46390
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2010-3785
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-3785
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-46390
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-46390 // VULMON: CVE-2010-3785 // JVNDB: JVNDB-2010-002429 // CNNVD: CNNVD-201011-171 // NVD: CVE-2010-3785

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-46390 // JVNDB: JVNDB-2010-002429 // NVD: CVE-2010-3785

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201011-171

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201011-171

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002429

PATCH

title:	HT4435	url:	http://support.apple.com/kb/HT4435	Trust: 0.8
title:	HT4830	url:	http://support.apple.com/kb/HT4830	Trust: 0.8
title:	HT4435	url:	http://support.apple.com/kb/HT4435?viewlocale=ja_JP	Trust: 0.8
title:	HT4830	url:	http://support.apple.com/kb/HT4830?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2010-002429

EXTERNAL IDS

db:	NVD	id:	CVE-2010-3785	Trust: 3.1
db:	SECTRACK	id:	1024723	Trust: 1.2
db:	JVNDB	id:	JVNDB-2010-002429	Trust: 0.8
db:	CNNVD	id:	CNNVD-201011-171	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2010-11-10-1	Trust: 0.6
db:	NSFOCUS	id:	17342	Trust: 0.6
db:	BID	id:	44812	Trust: 0.4
db:	PACKETSTORM	id:	103386	Trust: 0.2
db:	PACKETSTORM	id:	105743	Trust: 0.2
db:	SEEBUG	id:	SSVID-20774	Trust: 0.1
db:	VULHUB	id:	VHN-46390	Trust: 0.1
db:	VULMON	id:	CVE-2010-3785	Trust: 0.1

sources: VULHUB: VHN-46390 // VULMON: CVE-2010-3785 // BID: 44812 // JVNDB: JVNDB-2010-002429 // PACKETSTORM: 105743 // PACKETSTORM: 103386 // CNNVD: CNNVD-201011-171 // NVD: CVE-2010-3785

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html	Trust: 1.8
url:	http://support.apple.com/kb/ht4435	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2011//oct/msg00006.html	Trust: 1.2
url:	http://support.apple.com/kb/ht5004	Trust: 1.2
url:	http://www.securitytracker.com/id?1024723	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3785	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu331391	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3785	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/17342	Trust: 0.6
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://www.securityfocus.com/advisories/20899	Trust: 0.3
url:	https://www.apple.com/support/security/pgp/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3785	Trust: 0.2
url:	http://support.apple.com/kb/ht1222	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3786	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/apple-osx-quicklook-cve-2010-3785	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://www.apple.com/support/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-1417	Trust: 0.1

CREDITS

Apple

Trust: 0.5

sources: BID: 44812 // PACKETSTORM: 105743 // PACKETSTORM: 103386

SOURCES

db:	VULHUB	id:	VHN-46390
db:	VULMON	id:	CVE-2010-3785
db:	BID	id:	44812
db:	JVNDB	id:	JVNDB-2010-002429
db:	PACKETSTORM	id:	105743
db:	PACKETSTORM	id:	103386
db:	CNNVD	id:	CNNVD-201011-171
db:	NVD	id:	CVE-2010-3785

LAST UPDATE DATE

2025-04-11T19:52:16.761000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-46390	date:	2011-10-21T00:00:00
db:	VULMON	id:	CVE-2010-3785	date:	2011-10-21T00:00:00
db:	BID	id:	44812	date:	2011-10-12T20:10:00
db:	JVNDB	id:	JVNDB-2010-002429	date:	2011-08-08T00:00:00
db:	CNNVD	id:	CNNVD-201011-171	date:	2010-11-18T00:00:00
db:	NVD	id:	CVE-2010-3785	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-46390	date:	2010-11-16T00:00:00
db:	VULMON	id:	CVE-2010-3785	date:	2010-11-16T00:00:00
db:	BID	id:	44812	date:	2010-11-10T00:00:00
db:	JVNDB	id:	JVNDB-2010-002429	date:	2010-12-01T00:00:00
db:	PACKETSTORM	id:	105743	date:	2011-10-13T02:45:25
db:	PACKETSTORM	id:	103386	date:	2011-07-25T19:31:02
db:	CNNVD	id:	CNNVD-201011-171	date:	2010-11-18T00:00:00
db:	NVD	id:	CVE-2010-3785	date:	2010-11-16T22:00:16.023