Details of VAR-201012-0018

ID

VAR-201012-0018

CVE

CVE-2010-0530

TITLE

Windows Run on Apple QuickTime Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2010-002558

DESCRIPTION

Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory. Apple QuickTime for Windows is prone to a local information-disclosure vulnerability. A local attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Versions prior to Apple QuickTime 7.6.9 are vulnerable. The software is capable of handling multiple sources such as digital video, media segments, and more

Trust: 1.98

sources: NVD: CVE-2010-0530 // JVNDB: JVNDB-2010-002558 // BID: 45237 // VULHUB: VHN-43135

AFFECTED PRODUCTS

vendor:	apple	model:	quicktime	scope:	eq	version:	7.6.1	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6.2	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6.5	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6.0	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.5.0	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6.6	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.5.5	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.4	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6.7	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	5.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	6.5	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.4.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	lte	version:	7.6.8	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.4	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.2.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.3.1.70	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	6.4.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.5	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	4.1.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.4.5	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.3	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	6.0.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	6.5.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	6.5.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.4	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.6	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.3.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.4.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	5.0.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	6.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	6.1.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	6.1.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.3	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	3.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	6.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	6.5.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.3.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	6.2.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.3	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	6.3.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	lt	version:	7.6.9	Trust: 0.8
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6.8	Trust: 0.6
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.6.8	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.6.7	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.6.6(1671)	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.6.6	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.6.5	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.6.4	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.6.2	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.6.1	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.6	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	ne	version:	7.6.9	Trust: 0.3

sources: BID: 45237 // JVNDB: JVNDB-2010-002558 // CNNVD: CNNVD-201012-112 // NVD: CVE-2010-0530

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-0530
value:	LOW
Trust: 1.0
NVD:	CVE-2010-0530
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201012-112
value:	LOW
Trust: 0.6
VULHUB:	VHN-43135
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2010-0530
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-43135
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-43135 // JVNDB: JVNDB-2010-002558 // CNNVD: CNNVD-201012-112 // NVD: CVE-2010-0530

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-43135 // JVNDB: JVNDB-2010-002558 // NVD: CVE-2010-0530

THREAT TYPE

local

Trust: 0.9

sources: BID: 45237 // CNNVD: CNNVD-201012-112

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201012-112

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002558

PATCH

title:	HT4447	url:	http://support.apple.com/kb/HT4447	Trust: 0.8
title:	HT4447	url:	http://support.apple.com/kb/HT4447?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2010-002558

EXTERNAL IDS

db:	NVD	id:	CVE-2010-0530	Trust: 2.8
db:	SECTRACK	id:	1024829	Trust: 1.1
db:	JVNDB	id:	JVNDB-2010-002558	Trust: 0.8
db:	CNNVD	id:	CNNVD-201012-112	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2010-12-07-1	Trust: 0.6
db:	BID	id:	45237	Trust: 0.4
db:	VULHUB	id:	VHN-43135	Trust: 0.1

sources: VULHUB: VHN-43135 // BID: 45237 // JVNDB: JVNDB-2010-002558 // CNNVD: CNNVD-201012-112 // NVD: CVE-2010-0530

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2010//dec/msg00000.html	Trust: 1.7
url:	http://support.apple.com/kb/ht4447	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16036	Trust: 1.1
url:	http://www.securitytracker.com/id?1024829	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0530	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu387412	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0530	Trust: 0.8
url:	http://www.apple.com/quicktime/	Trust: 0.3

sources: VULHUB: VHN-43135 // BID: 45237 // JVNDB: JVNDB-2010-002558 // CNNVD: CNNVD-201012-112 // NVD: CVE-2010-0530

CREDITS

Geoff Strickler of On-Line Transaction Consultants

Trust: 0.3

sources: BID: 45237

SOURCES

db:	VULHUB	id:	VHN-43135
db:	BID	id:	45237
db:	JVNDB	id:	JVNDB-2010-002558
db:	CNNVD	id:	CNNVD-201012-112
db:	NVD	id:	CVE-2010-0530

LAST UPDATE DATE

2025-04-11T23:05:55.683000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-43135	date:	2017-09-19T00:00:00
db:	BID	id:	45237	date:	2010-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2010-002558	date:	2010-12-27T00:00:00
db:	CNNVD	id:	CNNVD-201012-112	date:	2010-12-13T00:00:00
db:	NVD	id:	CVE-2010-0530	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-43135	date:	2010-12-09T00:00:00
db:	BID	id:	45237	date:	2010-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2010-002558	date:	2010-12-27T00:00:00
db:	CNNVD	id:	CNNVD-201012-112	date:	2010-12-13T00:00:00
db:	NVD	id:	CVE-2010-0530	date:	2010-12-09T20:00:16.210