ID

VAR-201011-0156


CVE

CVE-2010-3788


TITLE

QuickTime in Apple Mac OS X vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2010-002432

DESCRIPTION

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for a component within the SIZ marker in a JPEG 2000 image. When the component contains a malicious value, the application will add a corrupted object to a queue of data which will be processed by the Component Manager's JP2 decompressor. Later when attempting to decompress this data, the application will use the corrupted object. This can lead to code execution under the context of the application.

Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. This issue affects Apple Mac OS X 10.6 to 10.6.4 and Mac OS X Server 10.6 to 10.6.4. NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it.

Apple QuickTime is a very popular multimedia player.

ZDI-10-252: Apple QuickTime JP2 SIZ Chunk Uninitialized Object Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-252
November 10, 2010

-- CVE ID: CVE-2010-3788
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Apple
-- Affected Products: Apple Quicktime
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10292.
-- Vendor Response: Apple states: Fixed in Mac OS X 10.6.5: http://support.apple.com/kb/HT4435
-- Disclosure Timeline:
2010-06-01 - Vulnerability reported to vendor
2010-11-10 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by:
* Damian Put
* Procyun
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter: http://twitter.com/thezdi

Trust: 2.7

sources: NVD: CVE-2010-3788 // JVNDB: JVNDB-2010-002432 // ZDI: ZDI-10-252 // BID: 44795 // VULHUB: VHN-46393 // PACKETSTORM: 95920

AFFECTED PRODUCTS

vendor: apple, model: quicktime, scope: -, version: -

Trust: 1.3

vendor: apple, model: mac os x server, scope: eq, version: 10.6.2

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.6.0

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.6.3

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.6.2

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.6.3

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.6.0

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.6.1

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: *

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.6.4

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.6.1

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.6.4

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: v10.5.8

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: v10.6 to v10.6.4

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: v10.5.8

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: v10.6 to v10.6.4

Trust: 0.8

vendor: apple, model: quicktime, scope: lt, version: 7.6.9

Trust: 0.8

vendor: apple, model: quicktime player, scope: eq, version: 7.6.8

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.7

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.6(1671)

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.6

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.5

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.4

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.2

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.64.17.73

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6

Trust: 0.3

vendor: apple, model: quicktime player, scope: ne, version: 7.6.9

Trust: 0.3

vendor: apple, model: mac os server, scope: ne, version: x10.6.5

Trust: 0.3

sources: ZDI: ZDI-10-252 // BID: 44795 // JVNDB: JVNDB-2010-002432 // CNNVD: CNNVD-201011-174 // NVD: CVE-2010-3788

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-3788
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-3788
value: MEDIUM

Trust: 0.8

ZDI: CVE-2010-3788
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201011-174
value: MEDIUM

Trust: 0.6

VULHUB: VHN-46393
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-3788
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2010-3788
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-46393
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-10-252 // VULHUB: VHN-46393 // JVNDB: JVNDB-2010-002432 // CNNVD: CNNVD-201011-174 // NVD: CVE-2010-3788

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-46393 // JVNDB: JVNDB-2010-002432 // NVD: CVE-2010-3788

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 95920 // CNNVD: CNNVD-201011-174

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201011-174

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002432

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-46393

PATCH

title: HT4435, url: http://support.apple.com/kb/HT4435

Trust: 0.8

title: HT4447, url: http://support.apple.com/kb/HT4447

Trust: 0.8

title: HT4435, url: http://support.apple.com/kb/HT4435?viewlocale=ja_JP

Trust: 0.8

title: HT4447, url: http://support.apple.com/kb/HT4447?viewlocale=ja_JP

Trust: 0.8

title: Fixed in Mac OS X 10.6.5: 7.6.9: http://support.apple.com/kb/HT4447, url: http://support.apple.com/kb/HT4435QuickTime

Trust: 0.7

sources: ZDI: ZDI-10-252 // JVNDB: JVNDB-2010-002432

EXTERNAL IDS

db: NVD, id: CVE-2010-3788

Trust: 3.6

db: ZDI, id: ZDI-10-252

Trust: 1.1

db: SECTRACK, id: 1024729

Trust: 1.1

db: JVNDB, id: JVNDB-2010-002432

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-812

Trust: 0.7

db: CNNVD, id: CNNVD-201011-174

Trust: 0.7

db: APPLE, id: APPLE-SA-2010-11-10-1

Trust: 0.6

db: BID, id: 44795

Trust: 0.4

db: PACKETSTORM, id: 95920

Trust: 0.2

db: VULHUB, id: VHN-46393

Trust: 0.1

sources: ZDI: ZDI-10-252 // VULHUB: VHN-46393 // BID: 44795 // JVNDB: JVNDB-2010-002432 // PACKETSTORM: 95920 // CNNVD: CNNVD-201011-174 // NVD: CVE-2010-3788

REFERENCES

url:http://support.apple.com/kb/ht4447

Trust: 1.8

url:http://support.apple.com/kb/ht4435

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2010//dec/msg00000.html

Trust: 1.1

url:http://www.securitytracker.com/id?1024729

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3788

Trust: 0.8

url:http://jvn.jp/cert/jvnvu331391

Trust: 0.8

url:http://jvn.jp/cert/jvnvu387412

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3788

Trust: 0.8

url:http://support.apple.com/kb/ht4435quicktime

Trust: 0.7

url:http://www.zerodayinitiative.com/advisories/zdi-10-252

Trust: 0.4

url:http://www.apple.com/quicktime/

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/disclosure_policy/

Trust: 0.1

url:http://twitter.com/thezdi

Trust: 0.1

url:http://www.tippingpoint.com

Trust: 0.1

url:http://www.zerodayinitiative.com

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3788

Trust: 0.1

sources: ZDI: ZDI-10-252 // VULHUB: VHN-46393 // BID: 44795 // JVNDB: JVNDB-2010-002432 // PACKETSTORM: 95920 // CNNVD: CNNVD-201011-174 // NVD: CVE-2010-3788

CREDITS

Damian Put and Procyun, working with TippingPoint's Zero Day Initiative

Trust: 0.9

sources: BID: 44795 // CNNVD: CNNVD-201011-174

SOURCES

db: ZDI, id: ZDI-10-252
db: VULHUB, id: VHN-46393
db: BID, id: 44795
db: JVNDB, id: JVNDB-2010-002432
db: PACKETSTORM, id: 95920
db: CNNVD, id: CNNVD-201011-174
db: NVD, id: CVE-2010-3788

LAST UPDATE DATE

2025-04-11T20:21:04.741000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-10-252, date: 2010-11-10T00:00:00
db: VULHUB, id: VHN-46393, date: 2010-12-11T00:00:00
db: BID, id: 44795, date: 2010-12-07T20:35:00
db: JVNDB, id: JVNDB-2010-002432, date: 2010-12-17T00:00:00
db: CNNVD, id: CNNVD-201011-174, date: 2010-11-18T00:00:00
db: NVD, id: CVE-2010-3788, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: ZDI, id: ZDI-10-252, date: 2010-11-10T00:00:00
db: VULHUB, id: VHN-46393, date: 2010-11-16T00:00:00
db: BID, id: 44795, date: 2010-11-10T00:00:00
db: JVNDB, id: JVNDB-2010-002432, date: 2010-12-02T00:00:00
db: PACKETSTORM, id: 95920, date: 2010-11-17T23:55:08
db: CNNVD, id: CNNVD-201011-174, date: 2010-11-18T00:00:00
db: NVD, id: CVE-2010-3788, date: 2010-11-16T22:00:16.150