ID: CVE-2010-0040

Last Modified: Sept. 19, 2017

Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.

Access Vector: Network

Access Complexity: Medium

Authentication: None

Confidentiality Impact: Complete

Integrity Impact: Complete

Availability Impact: Complete

Base Score: 9.3

Exploitability Score: 8.6

Impact Score: 10.0

CVSS V2: AV:N/AC:M/Au:N/C:C/I:C/A:C

Specialize CVSS-Score

CWE-189

Condition Configuration
AND
OR
OR
Alle Schwachstellen für apple
Alle Schwachstellen für apple
Alle Schwachstellen für apple
Alle Schwachstellen für apple
Alle Schwachstellen für apple
Alle Schwachstellen für apple
OR
OR
Alle Schwachstellen für microsoft
                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="and">
        <set operator="or">
            <prop key="application" value="cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*"/>
            <prop key="application" value="cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*"/>
            <prop key="application" value="cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"/>
            <prop key="application" value="cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*"/>
            <prop key="application" value="cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*"/>
            <prop key="application" value="cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*"/>
        </set>
        <set operator="or">
            <prop key="operating_system" value="cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*"/>
        </set>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

                  
                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="read"/>
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="remote"/>
        <prop key="range" value="local"/>
    </set>
</set>