Sign-up

ID

VAR-201011-0158


CVE

CVE-2010-3790


TITLE

Apple Mac OS X of QuickTime Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2010-002434

DESCRIPTION

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within how the application performs a transformation on an image sample using the sprite handler. When performing the transformation, the application will scale the sprite outside the bounds of the original buffer. This can cause memory corruption which can lead to code execution within the context of the application. When using this Matrix structure to transform image data, the application will miscalculate an index to represent a row of an object. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. This issue affects Apple Mac OS X 10.6 to 10.6.4 and Mac OS X Server 10.6 to 10.6.4. NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities) but has been given its own record to better document it. ZDI-11-231: Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-231 June 29, 2011 -- CVE ID: CVE-2010-3790 -- CVSS: 7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P) -- Affected Vendors: Apple -- Affected Products: Apple Quicktime -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11429. -- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT4723 -- Disclosure Timeline: 2011-04-11 - Vulnerability reported to vendor 2011-06-29 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Subreption LLC -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Trust: 3.51

sources: NVD: CVE-2010-3790 // JVNDB: JVNDB-2010-002434 // ZDI: ZDI-11-038 // ZDI: ZDI-11-231 // BID: 44794 // VULHUB: VHN-46395 // VULMON: CVE-2010-3790 // PACKETSTORM: 102678 // PACKETSTORM: 98101

AFFECTED PRODUCTS

vendor:applemodel:quicktimescope: - version: -

Trust: 2.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:*

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6 to v10.6.7

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6 to v10.6.7

Trust: 0.8

vendor:applemodel:quicktimescope:ltversion:7.6.9

Trust: 0.8

vendor:applemodel:quicktime playerscope:eqversion:7.6.8

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.7

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.6(1671)

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.6

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.64.17.73

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:quicktime playerscope:neversion:7.6.9

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.5

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.8

Trust: 0.3

sources: ZDI: ZDI-11-038 // ZDI: ZDI-11-231 // BID: 44794 // JVNDB: JVNDB-2010-002434 // CNNVD: CNNVD-201011-176 // NVD: CVE-2010-3790

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2010-3790
value: HIGH

Trust: 1.4

nvd@nist.gov: CVE-2010-3790
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-3790
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201011-176
value: MEDIUM

Trust: 0.6

VULHUB: VHN-46395
value: MEDIUM

Trust: 0.1

VULMON: CVE-2010-3790
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-3790
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

ZDI: CVE-2010-3790
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

ZDI: CVE-2010-3790
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-46395
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-11-038 // ZDI: ZDI-11-231 // VULHUB: VHN-46395 // VULMON: CVE-2010-3790 // JVNDB: JVNDB-2010-002434 // CNNVD: CNNVD-201011-176 // NVD: CVE-2010-3790

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-46395 // JVNDB: JVNDB-2010-002434 // NVD: CVE-2010-3790

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 102678 // PACKETSTORM: 98101 // CNNVD: CNNVD-201011-176

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201011-176

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-002434

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-46395

PATCH
title:HT4435url:http://support.apple.com/kb/HT4435
Trust: 1.5
title:HT4723url:http://support.apple.com/kb/HT4723
Trust: 1.5
title:HT4447url:http://support.apple.com/kb/HT4447
Trust: 0.8
title:HT4435url:http://support.apple.com/kb/HT4435?viewlocale=ja_JP
Trust: 0.8
title:HT4447url:http://support.apple.com/kb/HT4447?viewlocale=ja_JP
Trust: 0.8
title:QuickTimeInstallerurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35225
Trust: 0.6
title:MacOSXUpdCombo10.6.5url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35034
Trust: 0.6
title:MacOSXUpd10.6.5url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35033
Trust: 0.6
sources:
            
            
            ZDI: ZDI-11-038 // 
            
            
            
            ZDI: ZDI-11-231 // 
            
            
            
            JVNDB: JVNDB-2010-002434 // 
            
            
            
            CNNVD: CNNVD-201011-176

EXTERNAL IDS
db:NVDid:CVE-2010-3790
Trust: 4.5
db:ZDIid:ZDI-11-038
Trust: 2.3
db:BIDid:44794
Trust: 1.5
db:ZDIid:ZDI-11-231
Trust: 1.1
db:SECTRACKid:1024729
Trust: 1.1
db:JVNDBid:JVNDB-2010-002434
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-910
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-1148
Trust: 0.7
db:APPLEid:APPLE-SA-2010-11-10-1
Trust: 0.6
db:CNNVDid:CNNVD-201011-176
Trust: 0.6
db:PACKETSTORMid:98101
Trust: 0.2
db:PACKETSTORMid:102678
Trust: 0.2
db:VULHUBid:VHN-46395
Trust: 0.1
db:VULMONid:CVE-2010-3790
Trust: 0.1
sources:
            
            
            ZDI: ZDI-11-038 // 
            
            
            
            ZDI: ZDI-11-231 // 
            
            
            
            VULHUB: VHN-46395 // 
            
            
            
            VULMON: CVE-2010-3790 // 
            
            
            
            BID: 44794 // 
            
            
            
            JVNDB: JVNDB-2010-002434 // 
            
            
            
            PACKETSTORM: 102678 // 
            
            
            
            PACKETSTORM: 98101 // 
            
            
            
            CNNVD: CNNVD-201011-176 // 
            
            
            
            NVD: CVE-2010-3790

REFERENCES
url:http://support.apple.com/kb/ht4435
Trust: 2.6
url:http://support.apple.com/kb/ht4447
Trust: 2.0
url:http://support.apple.com/kb/ht4723
Trust: 2.0
url:http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html
Trust: 1.8
url:http://www.zerodayinitiative.com/advisories/zdi-11-038/
Trust: 1.5
url:http://lists.apple.com/archives/security-announce/2010//dec/msg00000.html
Trust: 1.2
url:http://lists.apple.com/archives/security-announce/2011//jun/msg00000.html
Trust: 1.2
url:http://www.securityfocus.com/bid/44794
Trust: 1.2
url:http://www.securitytracker.com/id?1024729
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3790
Trust: 0.8
url:http://jvn.jp/cert/jvnvu387412
Trust: 0.8
url:http://jvn.jp/cert/jvnvu976710
Trust: 0.8
url:http://jvn.jp/cert/jvnvu331391
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3790
Trust: 0.8
url:http://www.zerodayinitiative.com/advisories/zdi-11-231
Trust: 0.4
url:http://www.apple.com/quicktime/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/disclosure_policy/
Trust: 0.2
url:http://secunia.com/
Trust: 0.2
url:http://twitter.com/thezdi
Trust: 0.2
url:http://www.zerodayinitiative.com
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2010-3790
Trust: 0.2
url:http://lists.grok.org.uk/full-disclosure-charter.html
Trust: 0.2
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=21818
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://www.tippingpoint.com
Trust: 0.1
url:http://www.zerodayinitiative.com/advisories/zdi-11-038
Trust: 0.1
sources:
            
            
            ZDI: ZDI-11-038 // 
            
            
            
            ZDI: ZDI-11-231 // 
            
            
            
            VULHUB: VHN-46395 // 
            
            
            
            VULMON: CVE-2010-3790 // 
            
            
            
            BID: 44794 // 
            
            
            
            JVNDB: JVNDB-2010-002434 // 
            
            
            
            PACKETSTORM: 102678 // 
            
            
            
            PACKETSTORM: 98101 // 
            
            
            
            CNNVD: CNNVD-201011-176 // 
            
            
            
            NVD: CVE-2010-3790

CREDITS
Anonymous
Trust: 0.7
sources:
            
            
            ZDI: ZDI-11-038

SOURCES
db:ZDIid:ZDI-11-038
db:ZDIid:ZDI-11-231
db:VULHUBid:VHN-46395
db:VULMONid:CVE-2010-3790
db:BIDid:44794
db:JVNDBid:JVNDB-2010-002434
db:PACKETSTORMid:102678
db:PACKETSTORMid:98101
db:CNNVDid:CNNVD-201011-176
db:NVDid:CVE-2010-3790

LAST UPDATE DATE
2025-04-11T20:13:33.898000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-11-038date:2011-02-01T00:00:00
db:ZDIid:ZDI-11-231date:2011-06-29T00:00:00
db:VULHUBid:VHN-46395date:2011-07-02T00:00:00
db:VULMONid:CVE-2010-3790date:2011-07-02T00:00:00
db:BIDid:44794date:2015-03-19T09:29:00
db:JVNDBid:JVNDB-2010-002434date:2011-06-29T00:00:00
db:CNNVDid:CNNVD-201011-176date:2010-11-18T00:00:00
db:NVDid:CVE-2010-3790date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:ZDIid:ZDI-11-038date:2011-02-01T00:00:00
db:ZDIid:ZDI-11-231date:2011-06-29T00:00:00
db:VULHUBid:VHN-46395date:2010-11-16T00:00:00
db:VULMONid:CVE-2010-3790date:2010-11-16T00:00:00
db:BIDid:44794date:2010-11-10T00:00:00
db:JVNDBid:JVNDB-2010-002434date:2010-12-02T00:00:00
db:PACKETSTORMid:102678date:2011-06-30T06:16:44
db:PACKETSTORMid:98101date:2011-02-02T19:22:00
db:CNNVDid:CNNVD-201011-176date:2010-11-18T00:00:00
db:NVDid:CVE-2010-3790date:2010-11-16T22:00:16.227