CVE-2010-0042: Infoleak
First published: Fri Mar 12 2010(Updated: )
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Safari | <=4.0.4 | |
| Safari | =4.0 | |
| Safari | =4.0.0b | |
| Safari | =4.0.1 | |
| Safari | =4.0.2 | |
| Safari | =4.0.3 | |
| Microsoft Windows Operating System | ||
| All of | ||
| Any of | ||
| Safari | <=4.0.4 | |
| Safari | =4.0 | |
| Safari | =4.0.0b | |
| Safari | =4.0.1 | |
| Safari | =4.0.2 | |
| Safari | =4.0.3 | |
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
- http://www.securityfocus.com/bid/38677
- http://www.securityfocus.com/bid/38671
- http://support.apple.com/kb/HT4070
- http://support.apple.com/kb/HT4077
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
- http://secunia.com/advisories/39135
- http://www.securitytracker.com/id?1023706
- http://support.apple.com/kb/HT4225
- http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
- http://support.apple.com/kb/HT4105
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
- http://support.apple.com/kb/HT4456
- http://secunia.com/advisories/42314
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7561
Frequently Asked Questions
What is the severity of CVE-2010-0042?
CVE-2010-0042 is considered to have moderate severity due to the potential exposure of sensitive information.
How do I fix CVE-2010-0042?
To mitigate CVE-2010-0042, users should update Apple Safari to version 4.0.5 or later.
What does CVE-2010-0042 vulnerability allow attackers to do?
CVE-2010-0042 allows remote attackers to access potentially sensitive information from process memory via a crafted TIFF image.
What software versions are affected by CVE-2010-0042?
CVE-2010-0042 affects Apple Safari versions prior to 4.0.5 and specific versions of iTunes on Windows.
Is there a known exploit for CVE-2010-0042?
Yes, adversaries have crafted TIFF images that exploit CVE-2010-0042 to gain unauthorized access to memory.
- collector/nvd-historical
- agent/references
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/apple
- canonical/safari
- version/safari/4.0.4
- version/safari/4.0
- version/safari/4.0.0b
- version/safari/4.0.1
- version/safari/4.0.2
- version/safari/4.0.3
- vendor/microsoft
- canonical/microsoft windows operating system