cvelistv5 - cve-2010-0536

CVE-2010-0536 (GCVE-0-2010-0536)

Vulnerability from cvelistv5

Published

2010-03-31 18:00

Modified

2024-08-07 00:52

Severity ?

CWE

Summary

Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

gsd-2010-0536

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image.

Aliases

CVE-2010-0536

Aliases

CVE-2010-0536

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-0536",
    "description": "Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image.",
    "id": "GSD-2010-0536"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-0536"
      ],
      "details": "Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image.",
      "id": "GSD-2010-0536",
      "modified": "2023-12-13T01:21:29.481499Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2010-0536",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2010-03-30-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6969",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6969"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.6:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2.0:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.5.0:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.5.5:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:*:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.6.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.0:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.0:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2.1:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.0:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.0:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.5:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.1:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.5:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-0536"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2010-03-30-1",
              "refsource": "APPLE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6969",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6969"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-19T01:30Z",
      "publishedDate": "2010-03-31T18:30Z"
    }
  }
}

CERTA-2010-AVI-153

Vulnerability from certfr_avis

De multiples vulnérabilités dans QuickTime permettent l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été identifiées dans QuickTime. Leur exploitation permet notamment à une personne malintentionnée d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple QuickTime versions antérieures à 7.6.6.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image. Apple QuickTime is prone to a memory-corruption vulnerability because it fails to sufficiently validate user-supplied data when viewing BMP images. These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.6.6 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201003-0203",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.2.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.2.0"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.1.6"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.5.0"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.4.5"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.5.5"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.4.0"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.3.0"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.4.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.0"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.5"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.0"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "model": "quicktime",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.6.0"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "quicktime",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.6.6"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.6.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.6.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.6.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.6.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.6"
      },
      {
        "model": "quicktime player",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.6.6"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "39141"
      },
      {
        "db": "BID",
        "id": "39087"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001337"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-513"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0536"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apple:quicktime",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001337"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SkyLined of Google, Inc.",
    "sources": [
      {
        "db": "BID",
        "id": "39141"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-0536",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2010-0536",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-43141",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2010-0536",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2010-0536",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201003-513",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-43141",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001337"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-513"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0536"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image. Apple QuickTime is prone to a memory-corruption vulnerability because it fails to sufficiently validate user-supplied data when viewing BMP images. \nThese issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files.  Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. \nVersions prior to QuickTime 7.6.6 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-0536"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001337"
      },
      {
        "db": "BID",
        "id": "39141"
      },
      {
        "db": "BID",
        "id": "39087"
      },
      {
        "db": "VULHUB",
        "id": "VHN-43141"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-0536",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001337",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-513",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2010-03-30-1",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "39141",
        "trust": 0.4
      },
      {
        "db": "BID",
        "id": "39087",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-43141",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43141"
      },
      {
        "db": "BID",
        "id": "39141"
      },
      {
        "db": "BID",
        "id": "39087"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001337"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-513"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0536"
      }
    ]
  },
  "id": "VAR-201003-0203",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43141"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:10:22.417000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4104",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4104"
      },
      {
        "title": "HT4104",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4104?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001337"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001337"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0536"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2010//mar/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6969"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0536"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0536"
      },
      {
        "trust": 0.6,
        "url": "http://www.apple.com/quicktime/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43141"
      },
      {
        "db": "BID",
        "id": "39141"
      },
      {
        "db": "BID",
        "id": "39087"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001337"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-513"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0536"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-43141"
      },
      {
        "db": "BID",
        "id": "39141"
      },
      {
        "db": "BID",
        "id": "39087"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001337"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-513"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0536"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-03-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-43141"
      },
      {
        "date": "2010-03-31T00:00:00",
        "db": "BID",
        "id": "39141"
      },
      {
        "date": "2010-03-30T00:00:00",
        "db": "BID",
        "id": "39087"
      },
      {
        "date": "2010-04-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001337"
      },
      {
        "date": "2010-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201003-513"
      },
      {
        "date": "2010-03-31T18:30:00.437000",
        "db": "NVD",
        "id": "CVE-2010-0536"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-43141"
      },
      {
        "date": "2010-03-31T00:00:00",
        "db": "BID",
        "id": "39141"
      },
      {
        "date": "2010-03-31T23:02:00",
        "db": "BID",
        "id": "39087"
      },
      {
        "date": "2010-04-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001337"
      },
      {
        "date": "2010-04-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201003-513"
      },
      {
        "date": "2024-11-21T01:12:24.013000",
        "db": "NVD",
        "id": "CVE-2010-0536"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "39141"
      },
      {
        "db": "BID",
        "id": "39087"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Windows Run on  Apple QuickTime Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001337"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-513"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2010-0536

Vulnerability from fkie_nvd

Published

2010-03-31 18:30

Modified

2025-04-11 00:51

Severity ?

Summary

Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image.

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html	Patch, Vendor Advisory
product-security@apple.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6969
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6969

Impacted products

Vendor	Product	Version
apple	quicktime	*
apple	quicktime	7.0.0
apple	quicktime	7.0.1
apple	quicktime	7.0.2
apple	quicktime	7.0.3
apple	quicktime	7.0.4
apple	quicktime	7.1.0
apple	quicktime	7.1.1
apple	quicktime	7.1.2
apple	quicktime	7.1.3
apple	quicktime	7.1.4
apple	quicktime	7.1.5
apple	quicktime	7.1.6
apple	quicktime	7.2.0
apple	quicktime	7.2.1
apple	quicktime	7.3.0
apple	quicktime	7.3.1
apple	quicktime	7.4.0
apple	quicktime	7.4.1
apple	quicktime	7.4.5
apple	quicktime	7.5.0
apple	quicktime	7.5.5
microsoft	windows_7	*
microsoft	windows_vista	*
microsoft	windows_xp	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:quicktime:*:-:windows:*:*:*:*:*",
              "matchCriteriaId": "B27C0810-E6C3-44D9-8EA1-BBCF0C681F71",
              "versionEndIncluding": "7.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.0:-:windows:*:*:*:*:*",
              "matchCriteriaId": "3F4075B0-0F9F-466B-8521-2156849247C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.1:-:windows:*:*:*:*:*",
              "matchCriteriaId": "DF2A6BCB-108E-4226-BC31-6E0057DFB6D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.2:-:windows:*:*:*:*:*",
              "matchCriteriaId": "F8BF6A6A-F734-4395-9305-2E9F52EE888F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.3:-:windows:*:*:*:*:*",
              "matchCriteriaId": "AFCB45F3-397E-42A8-8D08-ECF667939FF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.4:-:windows:*:*:*:*:*",
              "matchCriteriaId": "D5C04F70-E2E6-48F4-948D-9D0C7B2A2F3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.0:-:windows:*:*:*:*:*",
              "matchCriteriaId": "E1DB3FBD-40F4-41FB-A939-3E3A4D0D85B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.1:-:windows:*:*:*:*:*",
              "matchCriteriaId": "F45B47BB-E14F-4437-8828-EF059496BF95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.2:-:windows:*:*:*:*:*",
              "matchCriteriaId": "9B353211-F90E-4F38-9D0B-B8C7EC00E66F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.3:-:windows:*:*:*:*:*",
              "matchCriteriaId": "F6A44CA9-D257-4BB7-B5AB-23193F35FCB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.4:-:windows:*:*:*:*:*",
              "matchCriteriaId": "9B8F4241-551B-492D-8602-06146B05CF13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.5:-:windows:*:*:*:*:*",
              "matchCriteriaId": "2BA9C6F7-513B-426F-90AD-7E826433CEF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.6:-:windows:*:*:*:*:*",
              "matchCriteriaId": "5B709D68-8474-4AAE-AA11-777EF510E1AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.2.0:-:windows:*:*:*:*:*",
              "matchCriteriaId": "4DCEE583-6CD2-4098-9A2A-B006A5023318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.2.1:-:windows:*:*:*:*:*",
              "matchCriteriaId": "52AD56F9-0CE6-4949-9853-3274A2C81601",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.3.0:-:windows:*:*:*:*:*",
              "matchCriteriaId": "555B1A2A-95F5-4B06-8774-FF952BEC2FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.3.1:-:windows:*:*:*:*:*",
              "matchCriteriaId": "CEA210F5-71F6-4528-B2B4-507AA4A435EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.4.0:-:windows:*:*:*:*:*",
              "matchCriteriaId": "081712FF-C6B8-423B-8F20-C79D25DE782F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.4.1:-:windows:*:*:*:*:*",
              "matchCriteriaId": "CF045B49-11A3-447A-9D05-1E8794980A81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.4.5:-:windows:*:*:*:*:*",
              "matchCriteriaId": "939BE521-A385-4A1A-B4B0-C4687751D4A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.5.0:-:windows:*:*:*:*:*",
              "matchCriteriaId": "304CFC80-E925-4CB8-8251-0FD0F09B8410",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.5.5:-:windows:*:*:*:*:*",
              "matchCriteriaId": "DFD95CD9-E387-4EC8-B6EA-FBC6961E4C8F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image."
    },
    {
      "lang": "es",
      "value": "Apple QuickTime en versiones anteriores a la 7.6.6 en Windows permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria o ca\u00edda de la aplicaci\u00f3n) mediante una imagen BMP manipulada."
    }
  ],
  "evaluatorImpact": "Per: http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html\r\n\r\n\u0027 This issue does not affect Mac OS X systems.\u0027",
  "id": "CVE-2010-0536",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-03-31T18:30:00.437",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6969"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6969"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-wr9p-qxcp-857h

Vulnerability from github

Published

2022-05-02 06:13

Modified

2022-05-02 06:13

Details

Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-0536"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-03-31T18:30:00Z",
    "severity": "HIGH"
  },
  "details": "Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image.",
  "id": "GHSA-wr9p-qxcp-857h",
  "modified": "2022-05-02T06:13:30Z",
  "published": "2022-05-02T06:13:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0536"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6969"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-0536 (GCVE-0-2010-0536)

Vulnerability from cvelistv5

gsd-2010-0536

Vulnerability from gsd

CERTA-2010-AVI-153

Vulnerability from certfr_avis

Description

Solution

var-201003-0203

Vulnerability from variot

fkie_cve-2010-0536

Vulnerability from fkie_nvd

ghsa-wr9p-qxcp-857h

Vulnerability from github

Tags

Sightings

Nomenclature