CVE-2010-0041: Infoleak
First published: Fri Mar 12 2010(Updated: )
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Safari | <=4.0.4 | |
| Safari | =4.0 | |
| Safari | =4.0.0b | |
| Safari | =4.0.1 | |
| Safari | =4.0.2 | |
| Safari | =4.0.3 | |
| Microsoft Windows Operating System | ||
| All of | ||
| Any of | ||
| Safari | <=4.0.4 | |
| Safari | =4.0 | |
| Safari | =4.0.0b | |
| Safari | =4.0.1 | |
| Safari | =4.0.2 | |
| Safari | =4.0.3 | |
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
- http://www.securityfocus.com/bid/38676
- http://support.apple.com/kb/HT4070
- http://www.securityfocus.com/bid/38671
- http://support.apple.com/kb/HT4077
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
- http://secunia.com/advisories/39135
- http://www.securitytracker.com/id?1023706
- http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
- http://support.apple.com/kb/HT4225
- http://support.apple.com/kb/HT4105
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6885
Frequently Asked Questions
What is the severity of CVE-2010-0041?
CVE-2010-0041 is classified as a medium severity vulnerability.
How do I fix CVE-2010-0041?
To mitigate CVE-2010-0041, users should update Apple Safari to version 4.0.5 or later.
What does CVE-2010-0041 affect?
CVE-2010-0041 affects Apple Safari versions before 4.0.5 and iTunes before 9.1 on Windows.
What kind of attack does CVE-2010-0041 enable?
CVE-2010-0041 allows remote attackers to obtain potentially sensitive information from process memory.
What file type is associated with CVE-2010-0041's exploitation?
CVE-2010-0041 is exploited via a crafted BMP image.
- collector/nvd-historical
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/apple
- canonical/safari
- version/safari/4.0.4
- version/safari/4.0
- version/safari/4.0.0b
- version/safari/4.0.1
- version/safari/4.0.2
- version/safari/4.0.3
- vendor/microsoft
- canonical/microsoft windows operating system