ID

VAR-201011-0157


CVE

CVE-2010-3789


TITLE

Apple Mac OS X of QuickTime Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2010-002433

DESCRIPTION

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the code responsible for parsing rec chunks within an AVI media file. By modifying specific values within the data structure a heap corruption condition can be triggered. An attacker can abuse this to execute arbitrary code under the context of the user running QuickTime. This issue affects Apple Mac OS X 10.6 to 10.6.4 and Mac OS X Server 10.6 to 10.6.4. NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it. -- Vendor Response: Apple states: Fixed in Mac OS X 10.6.5: http://support.apple.com/kb/HT4435 -- Disclosure Timeline: 2010-04-13 - Vulnerability reported to vendor 2010-11-10 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Damian Put -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi

Trust: 2.7

sources: NVD: CVE-2010-3789 // JVNDB: JVNDB-2010-002433 // ZDI: ZDI-10-250 // BID: 44796 // VULHUB: VHN-46394 // PACKETSTORM: 95913

AFFECTED PRODUCTS

vendor:applemodel:quicktimescope: - version: -

Trust: 1.3

vendor:applemodel:mac os x serverscope:eqversion:10.6.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:*

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6 to v10.6.4

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6 to v10.6.4

Trust: 0.8

vendor:applemodel:quicktimescope:ltversion:7.6.9

Trust: 0.8

vendor:applemodel:quicktime playerscope:eqversion:7.6.8

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.7

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.6(1671)

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.6

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.64.17.73

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:quicktime playerscope:neversion:7.6.9

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.5

Trust: 0.3

sources: ZDI: ZDI-10-250 // BID: 44796 // JVNDB: JVNDB-2010-002433 // CNNVD: CNNVD-201011-175 // NVD: CVE-2010-3789

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-3789
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-3789
value: MEDIUM

Trust: 0.8

ZDI: CVE-2010-3789
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201011-175
value: MEDIUM

Trust: 0.6

VULHUB: VHN-46394
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-3789
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2010-3789
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-46394
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-10-250 // VULHUB: VHN-46394 // JVNDB: JVNDB-2010-002433 // CNNVD: CNNVD-201011-175 // NVD: CVE-2010-3789

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-46394 // JVNDB: JVNDB-2010-002433 // NVD: CVE-2010-3789

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 95913 // CNNVD: CNNVD-201011-175

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201011-175

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002433

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-46394

PATCH

title:HT4435url:http://support.apple.com/kb/HT4435

Trust: 0.8

title:HT4447url:http://support.apple.com/kb/HT4447

Trust: 0.8

title:HT4435url:http://support.apple.com/kb/HT4435?viewlocale=ja_JP

Trust: 0.8

title:HT4447url:http://support.apple.com/kb/HT4447?viewlocale=ja_JP

Trust: 0.8

title:Fixed in Mac OS X 10.6.5: 7.6.9: http://support.apple.com/kb/HT4447url:http://support.apple.com/kb/HT4435QuickTime

Trust: 0.7

sources: ZDI: ZDI-10-250 // JVNDB: JVNDB-2010-002433

EXTERNAL IDS

db:NVDid:CVE-2010-3789

Trust: 3.6

db:ZDIid:ZDI-10-250

Trust: 1.1

db:SECTRACKid:1024729

Trust: 1.1

db:JVNDBid:JVNDB-2010-002433

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-739

Trust: 0.7

db:APPLEid:APPLE-SA-2010-11-10-1

Trust: 0.6

db:CNNVDid:CNNVD-201011-175

Trust: 0.6

db:BIDid:44796

Trust: 0.4

db:PACKETSTORMid:95913

Trust: 0.2

db:VULHUBid:VHN-46394

Trust: 0.1

sources: ZDI: ZDI-10-250 // VULHUB: VHN-46394 // BID: 44796 // JVNDB: JVNDB-2010-002433 // PACKETSTORM: 95913 // CNNVD: CNNVD-201011-175 // NVD: CVE-2010-3789

REFERENCES

url:http://support.apple.com/kb/ht4447

Trust: 1.8

url:http://support.apple.com/kb/ht4435

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2010//dec/msg00000.html

Trust: 1.1

url:http://www.securitytracker.com/id?1024729

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3789

Trust: 0.8

url:http://jvn.jp/cert/jvnvu331391

Trust: 0.8

url:http://jvn.jp/cert/jvnvu387412

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3789

Trust: 0.8

url:http://support.apple.com/kb/ht4435quicktime

Trust: 0.7

url:http://www.apple.com/quicktime/

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-10-250/

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/disclosure_policy/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3789

Trust: 0.1

url:http://twitter.com/thezdi

Trust: 0.1

url:http://www.zerodayinitiative.com

Trust: 0.1

url:http://www.zerodayinitiative.com/advisories/zdi-10-250

Trust: 0.1

sources: ZDI: ZDI-10-250 // VULHUB: VHN-46394 // BID: 44796 // JVNDB: JVNDB-2010-002433 // PACKETSTORM: 95913 // CNNVD: CNNVD-201011-175 // NVD: CVE-2010-3789

CREDITS

Damian Put working with TippingPoint's Zero Day Initiative

Trust: 0.9

sources: BID: 44796 // CNNVD: CNNVD-201011-175

SOURCES

db:ZDIid:ZDI-10-250
db:VULHUBid:VHN-46394
db:BIDid:44796
db:JVNDBid:JVNDB-2010-002433
db:PACKETSTORMid:95913
db:CNNVDid:CNNVD-201011-175
db:NVDid:CVE-2010-3789

LAST UPDATE DATE

2025-04-11T22:31:59.751000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-10-250date:2010-11-10T00:00:00
db:VULHUBid:VHN-46394date:2010-12-11T00:00:00
db:BIDid:44796date:2010-12-07T20:35:00
db:JVNDBid:JVNDB-2010-002433date:2010-12-17T00:00:00
db:CNNVDid:CNNVD-201011-175date:2010-11-18T00:00:00
db:NVDid:CVE-2010-3789date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:ZDIid:ZDI-10-250date:2010-11-10T00:00:00
db:VULHUBid:VHN-46394date:2010-11-16T00:00:00
db:BIDid:44796date:2010-11-10T00:00:00
db:JVNDBid:JVNDB-2010-002433date:2010-12-02T00:00:00
db:PACKETSTORMid:95913date:2010-11-17T23:27:43
db:CNNVDid:CNNVD-201011-175date:2010-11-18T00:00:00
db:NVDid:CVE-2010-3789date:2010-11-16T22:00:16.180