cvelistv5 - cve-2011-0210

CVE-2011-0210 (GCVE-0-2011-0210)

Vulnerability from cvelistv5

Published

2011-06-24 20:00

Modified

2024-08-06 21:43

Severity ?

CWE

Summary

References

URL

Tags

product-security@apple.com	http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html	Patch, Vendor Advisory
product-security@apple.com	http://support.apple.com/kb/HT4723	Patch, Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/48442	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4723	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/48442	Broken Link

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:43:15.275Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4723"
          },
          {
            "name": "APPLE-SA-2011-06-23-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
          },
          {
            "name": "APPLE-SA-2011-08-03-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
          },
          {
            "name": "48442",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48442"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-08-11T09:00:00",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4723"
        },
        {
          "name": "APPLE-SA-2011-06-23-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
        },
        {
          "name": "APPLE-SA-2011-08-03-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
        },
        {
          "name": "48442",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48442"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2011-0210",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.apple.com/kb/HT4723",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4723"
            },
            {
              "name": "APPLE-SA-2011-06-23-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
            },
            {
              "name": "APPLE-SA-2011-08-03-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
            },
            {
              "name": "48442",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/48442"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2011-0210",
    "datePublished": "2011-06-24T20:00:00",
    "dateReserved": "2010-12-23T00:00:00",
    "dateUpdated": "2024-08-06T21:43:15.275Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-0210\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2011-06-24T20:55:02.530\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.\"},{\"lang\":\"es\",\"value\":\"QuickTime para Apple Mac OS X antes de v10.6.8  permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio (por corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de tablas de ejemplo hechas a mano en un archivo de pel\u00edcula.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.7.0\",\"matchCriteriaId\":\"8AFCF47D-E5F5-487A-839B-E23159071140\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.6.8\",\"matchCriteriaId\":\"5472AEFC-EA25-49B1-AA2B-8405099B4FBE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.6.8\",\"matchCriteriaId\":\"BD16A092-B263-400F-BD7E-94DEB5D57EDB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.6.8\",\"matchCriteriaId\":\"5472AEFC-EA25-49B1-AA2B-8405099B4FBE\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4723\",\"source\":\"product-security@apple.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/48442\",\"source\":\"product-security@apple.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/48442\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]}]}}"
  }
}

fkie_cve-2011-0210

Vulnerability from fkie_nvd

Published

2011-06-24 20:55

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html	Patch, Vendor Advisory
product-security@apple.com	http://support.apple.com/kb/HT4723	Patch, Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/48442	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4723	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/48442	Broken Link

Impacted products

Vendor	Product	Version
apple	quicktime	*
apple	mac_os_x	*
apple	mac_os_x_server	*
apple	mac_os_x	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AFCF47D-E5F5-487A-839B-E23159071140",
              "versionEndExcluding": "7.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5472AEFC-EA25-49B1-AA2B-8405099B4FBE",
              "versionEndExcluding": "10.6.8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD16A092-B263-400F-BD7E-94DEB5D57EDB",
              "versionEndExcluding": "10.6.8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5472AEFC-EA25-49B1-AA2B-8405099B4FBE",
              "versionEndExcluding": "10.6.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file."
    },
    {
      "lang": "es",
      "value": "QuickTime para Apple Mac OS X antes de v10.6.8  permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio (por corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de tablas de ejemplo hechas a mano en un archivo de pel\u00edcula."
    }
  ],
  "id": "CVE-2011-0210",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-06-24T20:55:02.530",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4723"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/48442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/48442"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2011-0210

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2011-0210

Aliases

CVE-2011-0210

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-0210",
    "description": "QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.",
    "id": "GSD-2011-0210"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-0210"
      ],
      "details": "QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.",
      "id": "GSD-2011-0210",
      "modified": "2023-12-13T01:19:04.616675Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2011-0210",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://support.apple.com/kb/HT4723",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4723"
          },
          {
            "name": "APPLE-SA-2011-06-23-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
          },
          {
            "name": "APPLE-SA-2011-08-03-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
          },
          {
            "name": "48442",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/48442"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2011-0210"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.apple.com/kb/HT4723",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT4723"
            },
            {
              "name": "APPLE-SA-2011-06-23-1",
              "refsource": "APPLE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
            },
            {
              "name": "APPLE-SA-2011-08-03-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
            },
            {
              "name": "48442",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/48442"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2011-10-27T03:21Z",
      "publishedDate": "2011-06-24T20:55Z"
    }
  }
}

CERTA-2011-AVI-429

Vulnerability from certfr_avis

De multiples vulnérabilités dans Apple QuickTime ont été corrigées.

Description

Plusieurs vulnérabilités dans Apple QuickTime permettent à une personne malintentionnée d'exécuter du code arbitraire à distance.

Solution

La version 7.7 de Quicktime corrige ces problèmes.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	QuickTime 7 sur MacOS X ;
Apple	N/A	QuickTime 7 sur Microsoft Windows ;
Apple	macOS	MacOS X 10.6.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4826 du 03 août 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QuickTime 7 sur MacOS X ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "QuickTime 7 sur Microsoft Windows ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS X 10.6.",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans Apple QuickTime permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nLa version 7.7 de Quicktime corrige ces probl\u00e8mes.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0247"
    },
    {
      "name": "CVE-2011-0187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0187"
    },
    {
      "name": "CVE-2011-0249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0249"
    },
    {
      "name": "CVE-2011-0248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0248"
    },
    {
      "name": "CVE-2011-0257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0257"
    },
    {
      "name": "CVE-2011-0250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0250"
    },
    {
      "name": "CVE-2011-0246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0246"
    },
    {
      "name": "CVE-2011-0210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0210"
    },
    {
      "name": "CVE-2011-0186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0186"
    },
    {
      "name": "CVE-2011-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0209"
    },
    {
      "name": "CVE-2011-0245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0245"
    },
    {
      "name": "CVE-2011-0213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0213"
    },
    {
      "name": "CVE-2011-0251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0251"
    },
    {
      "name": "CVE-2011-0256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0256"
    },
    {
      "name": "CVE-2011-0252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0252"
    },
    {
      "name": "CVE-2011-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0211"
    }
  ],
  "initial_release_date": "2011-08-04T00:00:00",
  "last_revision_date": "2011-08-18T00:00:00",
  "links": [],
  "reference": "CERTA-2011-AVI-429",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-08-04T00:00:00.000000"
    },
    {
      "description": "ajout de r\u00e9f\u00e9rences CVE.",
      "revision_date": "2011-08-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Apple QuickTime ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Apple QuickTime",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4826 du 03 ao\u00fbt 2011",
      "url": "http://support.apple.com/kb/HT4826"
    }
  ]
}

CERTA-2011-AVI-369

Vulnerability from certfr_avis

De nombreuses vulnérabilités ont été corrigées dans Mac OS X. Leur exploitation permet, entre autres, l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été corrigées dans différents composants du système d'exploitation Mac OS X, notamment :

AirPort ;
App Store ;
Gestion des certificats ;
ColorSync ;
CoreFoundation ;
CoreGraphics ;
FTP Server ;
ImageIO ;
Kernel ;
Libsystem ;
Libxslt ;
MobileMe ;
MySQL ;
OpenSSL ;
QuickTime ;
Samba ;
Servermgrd ;
Subversion.

Certaines vulnérabilités permettent l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X 10.5.8 ;
N/A	N/A	Mac OS X Server 10.6.x.
N/A	N/A	Mac OS X Server 10.5.8 ;
N/A	N/A	Mac OS X 10.6.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4723 du 23 juin 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.6.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans diff\u00e9rents composants\ndu syst\u00e8me d\u0027exploitation Mac OS X, notamment\u00a0:\n\n-   AirPort\u00a0;\n-   App Store\u00a0;\n-   Gestion des certificats\u00a0;\n-   ColorSync\u00a0;\n-   CoreFoundation\u00a0;\n-   CoreGraphics\u00a0;\n-   FTP Server\u00a0;\n-   ImageIO\u00a0;\n-   Kernel\u00a0;\n-   Libsystem\u00a0;\n-   Libxslt\u00a0;\n-   MobileMe\u00a0;\n-   MySQL\u00a0;\n-   OpenSSL\u00a0;\n-   QuickTime\u00a0;\n-   Samba\u00a0;\n-   Servermgrd\u00a0;\n-   Subversion.\n\nCertaines vuln\u00e9rabilit\u00e9s permettent l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0195"
    },
    {
      "name": "CVE-2011-0200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0200"
    },
    {
      "name": "CVE-2011-0208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0208"
    },
    {
      "name": "CVE-2010-4651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4651"
    },
    {
      "name": "CVE-2010-3835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3835"
    },
    {
      "name": "CVE-2011-0198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0198"
    },
    {
      "name": "CVE-2011-0715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0715"
    },
    {
      "name": "CVE-2010-3837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3837"
    },
    {
      "name": "CVE-2010-3682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3682"
    },
    {
      "name": "CVE-2011-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0207"
    },
    {
      "name": "CVE-2011-0202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0202"
    },
    {
      "name": "CVE-2011-0196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0196"
    },
    {
      "name": "CVE-2010-3677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3677"
    },
    {
      "name": "CVE-2011-0197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0197"
    },
    {
      "name": "CVE-2011-0210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0210"
    },
    {
      "name": "CVE-2011-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0209"
    },
    {
      "name": "CVE-2011-0203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0203"
    },
    {
      "name": "CVE-2011-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0206"
    },
    {
      "name": "CVE-2011-0719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0719"
    },
    {
      "name": "CVE-2010-3790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3790"
    },
    {
      "name": "CVE-2010-4180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4180"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2010-0740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0740"
    },
    {
      "name": "CVE-2010-2632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2632"
    },
    {
      "name": "CVE-2011-1132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1132"
    },
    {
      "name": "CVE-2011-0213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0213"
    },
    {
      "name": "CVE-2010-3838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3838"
    },
    {
      "name": "CVE-2011-0212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0212"
    },
    {
      "name": "CVE-2011-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0205"
    },
    {
      "name": "CVE-2010-3836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3836"
    },
    {
      "name": "CVE-2011-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0204"
    },
    {
      "name": "CVE-2011-0199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0199"
    },
    {
      "name": "CVE-2010-3069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3069"
    },
    {
      "name": "CVE-2011-0201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0201"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2010-3833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3833"
    },
    {
      "name": "CVE-2011-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
    },
    {
      "name": "CVE-2011-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0211"
    },
    {
      "name": "CVE-2010-3834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3834"
    }
  ],
  "initial_release_date": "2011-06-24T00:00:00",
  "last_revision_date": "2011-06-24T00:00:00",
  "links": [],
  "reference": "CERTA-2011-AVI-369",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Leur\nexploitation permet, entre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4723 du 23 juin 2011",
      "url": "http://docs.info.apple.com/article.html?artnum=HT4723"
    }
  ]
}

ghsa-ch8r-8jgx-j3g6

Vulnerability from github

Published

2022-05-17 05:37

Modified

2022-05-17 05:37

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-0210"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-06-24T20:55:00Z",
    "severity": "MODERATE"
  },
  "details": "QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.",
  "id": "GHSA-ch8r-8jgx-j3g6",
  "modified": "2022-05-17T05:37:17Z",
  "published": "2022-05-17T05:37:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0210"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4723"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/48442"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously discussed in BID 48412 (Apple Mac OS X Prior to 10.6.8 Multiple Security Vulnerabilities) but has been given its own record to better document it. Viewing a maliciously crafted pict file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect Mac OS X v10.7 systems. Visiting a maliciously crafted website may lead to the disclosure of video data from another site. This issue is addressed by preventing QuickTime from following cross- site redirects. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect Mac OS X v10.7 systems. Playing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0211 : Luigi Auriemma working with TippingPoint's Zero Day Initiative

QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of JPEG files. Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0213 : Luigi Auriemma working with iDefense VCP

QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in QuickTime's handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems. CVE-ID CVE-2011-0246 : an anonymous contributor working with Beyond Security's SecuriTeam Secure Disclosure program

QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple stack buffer overflows existed in the handling of H.264 encoded movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution. These issues do not affect Mac OS X systems. CVE-ID CVE-2011-0247 : Roi Mallo and Sherab Giovannini working with TippingPoint's Zero Day Initiative

QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the QuickTime ActiveX control's handling of QTL files. Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X v10.7 systems. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X v10.7 systems. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X v10.7 systems. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative

QuickTime 7.7 may be obtained from the Software Update application, or from the QuickTime Downloads site: http://www.apple.com/quicktime/download/

For Mac OS X v10.5.8 The download file is named: "QuickTime77Leopard.dmg" Its SHA-1 digest is: 0deb99cc44015af7c396750d2c9dd4cbd59fb355

For Windows 7 / Vista / XP SP3 The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: a99f61d67be6a6b42e11d17b0b4f25cd88b74dc9

QuickTime is incorporated into Mac OS X v10.6 and later.

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin)

iQEcBAEBAgAGBQJOOZuHAAoJEGnF2JsdZQeeNWIH/A+KRxzYTBC5nCZQ6m/sRdU0 OrauYjVbXIj1LUgMS9+I0wW4Zg7xtGBEjYBnqiuNuajP5W2+Ts8mNe75ZlEFlNto KFQI7NS/OsTrjCTR1m1sF2zvsyMKDOjviIy90+PDGKejC8c3Zu/Y8GSdZ++I4aEf J2g7BqhBDW/RFOemPGrcvr/iwu3twdkiAHeLXFCcecNCKjSUfoxXDuPd/Ege/kS7 95wsNkLjypSEuLpcmjATSXp5X58nzbUCsrQ2doPzLy1/8oWiG9XsiZznmcYlLhHg trYm+KIMdqBOQWI3uhG+3dG6l2xkJxdYNxHRHXFh78QH0NblHg9u3PmhELUBeXU= =H+iO -----END PGP SIGNATURE----- . ----------------------------------------------------------------------

Frost & Sullivan 2011 Report: Secunia Vulnerability Research \"Frost & Sullivan believes that Secunia continues to be a major player in the vulnerability research market due to its diversity of products that provide best-in-class coverage, quality, and usability.\" This is just one of the key factors that influenced Frost & Sullivan to select Secunia over other companies. Read the report here: http://secunia.com/products/corporate/vim/fs_request_2011/

TITLE: Apple Mac OS X Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA45054

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45054/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45054

RELEASE DATE: 2011-06-25

DISCUSS ADVISORY: http://secunia.com/advisories/45054/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/45054/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=45054

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) An error within AirPort when handling Wi-Fi frames can be exploited to trigger an out-of-bounds memory access and cause a system reset.

2) An error within App Store may lead to a user's AppleID password being logged to a local file.

3) An unspecified error in the handling of embedded TrueType fonts in Apple Type Services (ATS) can be exploited to cause a heap-based buffer overflow when a specially crafted document is viewed or downloaded.

4) An error within Certificate Trust Policy when handling an Extended Validation (EV) certificate with no OCSP URL can be exploited to disclose certain sensitive information via Man-in-the-Middle (MitM) attacks.

5) An integer overflow error when processing ColorSync profiles embedded in images can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted image.

7) An integer overflow error in CoreGraphics when handling PDF files containing Type 1 fonts can be exploited to cause a buffer overflow via a specially crafted PDF file.

8) A path validation error within xftpd can be exploited to perform a recursive directory listing and disclose the list of otherwise restricted files.

9) An error in ImageIO within the handling of TIFF files can be exploited to cause a heap-based buffer overflow.

10) An error in ImageIO within the handling of JPEG2000 files can be exploited to cause a heap-based buffer overflow.

11) An error within ICU (International Components for Unicode) when handling certain uppercase strings can be exploited to cause a buffer overflow.

12) A NULL pointer dereference error within the kernel when handling IPV6 socket options can be exploited to cause a system reset.

13) An error within Libsystem when using the glob(3) API can be exploited to cause a high CPU consumption.

14) An error within libxslt can be exploited to disclose certain addresses from the heap.

For more information see vulnerability #2 in: SA43832

15) An error exists within MobileMe when determining a user's email aliases. This can be exploited to disclose a user's MobileMe email aliases via Man-in-the-Middle (MitM) attacks.

16) Some vulnerabilities are caused due to a vulnerable bundled version of MySQL.

For more information: SA41048 SA41716

17) Some vulnerabilities are caused due to a vulnerable bundled version of OpenSSL.

For more information: SA37291 SA38807 SA42243 SA42473 SA43227

18) A vulnerability is caused due to a vulnerable bundled version of GNU patch.

For more information: SA43677

19) An unspecified error in QuickLook within the processing of Microsoft Office files can be exploited to corrupt memory, which may allow execution of arbitrary code.

25) Some vulnerabilities are caused due to a vulnerable bundled version of Samba.

For more information: SA41354 SA43512

26) An error in servermgrd when handling XML-RPC requests can be exploited to disclose arbitrary files from the local resources.

27) A vulnerability is caused due to a vulnerable bundled version of subversion.

For more information: SA43603

SOLUTION: Update to version 10.6.8 or apply Security Update 2011-004.

Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2) Paul Nelson 3) Marc Schoenefeld, Red Hat Security Response Team and Harry Sintonen 4) Chris Hawk and Wan-Teh Chang, Google 5) binaryproof via ZDI 6) Harry Sintonen 7) Cristian Draghici, Modulo Consulting and Felix Grobert, Google Security Team 8) team karlkani 9) Dominic Chell, NGS Secure 10) Harry Sintonen 11) David Bienvenu, Mozilla 12) Thomas Clement, Intego 13) Maksymilian Arciemowicz 14) Chris Evans, Google Chrome Security Team 15) Aaron Sigel, vtty.com 19)Tobias Klein via iDefense 20, 22) Luigi Auriemma via ZDI 21) Honggang Ren, Fortinet's FortiGuard Labs 23) Subreption LLC via ZDI 24) Luigi Auriemma via iDefense

1, 26) Reported by the vendor

ORIGINAL ADVISORY: Apple Security Update 2011-004: http://support.apple.com/kb/HT4723

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201106-0161",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.7"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.4"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.6"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.6"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "*"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6 to  v10.6.7"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6 to  v10.6.7"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7"
      },
      {
        "model": "quicktime",
        "scope": null,
        "trust": 0.6,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.64.17.73"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.9"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.6"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1.70"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.6"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.6(1671)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.6"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.7"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.5.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "48442"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201106-315"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0210"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:quicktime",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001838"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Honggang Ren of Fortinet\u0027s FortiGuard Labs",
    "sources": [
      {
        "db": "BID",
        "id": "48442"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-0210",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2011-0210",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-48155",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-0210",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-0210",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201106-315",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-48155",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2011-0210",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48155"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-0210"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201106-315"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0210"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file. \nAn attacker can exploit this issue to execute arbitrary code within the  context of the affected application. Failed exploit attempts will result  in a denial-of-service condition. \nNOTE: This issue was previously discussed in BID 48412 (Apple Mac OS X Prior to 10.6.8 Multiple Security Vulnerabilities) but has been given its own record to better document it. Viewing a maliciously crafted pict file may lead to an\nunexpected application termination or arbitrary code execution. For\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. \nThis issue does not affect Mac OS X v10.7 systems. Viewing a maliciously\ncrafted JPEG2000 image with QuickTime may lead to an unexpected\napplication termination or arbitrary code execution. For Mac OS X\nv10.6 systems, this issue is addressed in Mac OS X v10.6.7. This\nissue does not affect Mac OS X v10.7 systems. Visiting a maliciously crafted\nwebsite may lead to the disclosure of video data from another site. \nThis issue is addressed by preventing QuickTime from following cross-\nsite redirects. For Mac OS X v10.6 systems, this issue is addressed\nin Mac OS X v10.6.7. This issue does not affect Mac OS X v10.7\nsystems. Playing a maliciously crafted WAV file may lead to an\nunexpected application termination or arbitrary code execution. For\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. \nThis issue does not affect Mac OS X v10.7 systems. Viewing a\nmaliciously crafted movie file may lead to an unexpected application\ntermination or arbitrary code execution. For Mac OS X v10.6 systems,\nthis issue is addressed in Mac OS X v10.6.8. This issue does not\naffect Mac OS X v10.7 systems. Viewing a maliciously crafted movie\nfile may lead to an unexpected application termination or arbitrary\ncode execution. For Mac OS X v10.6 systems, this issue is addressed\nin Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7\nsystems. \nCVE-ID\nCVE-2011-0211 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nWindows 7, Vista, XP SP2 or later\nImpact:  Viewing a maliciously crafted JPEG file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in QuickTime\u0027s handling of\nJPEG files. Viewing a maliciously crafted JPEG file may lead to an\nunexpected application termination or arbitrary code execution. For\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. \nThis issue does not affect Mac OS X v10.7 systems. \nCVE-ID\nCVE-2011-0213 : Luigi Auriemma working with iDefense VCP\n\nQuickTime\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Viewing a maliciously crafted GIF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A heap buffer overflow existed in QuickTime\u0027s handling\nof GIF images. Viewing a maliciously crafted GIF image may lead to an\nunexpected application termination or arbitrary code execution. This\nissue does not affect Mac OS X systems. \nCVE-ID\nCVE-2011-0246 : an anonymous contributor working with Beyond\nSecurity\u0027s SecuriTeam Secure Disclosure program\n\nQuickTime\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Viewing a maliciously crafted H.264 movie file may lead to\nan unexpected application termination or arbitrary code execution\nDescription:  Multiple stack buffer overflows existed in the handling\nof H.264 encoded movie files. Viewing a maliciously crafted H.264\nmovie file may lead to an unexpected application termination or\narbitrary code execution. These issues do not affect Mac OS X\nsystems. \nCVE-ID\nCVE-2011-0247 : Roi Mallo and Sherab Giovannini working with\nTippingPoint\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Visiting a maliciously crafted website using Internet\nExplorer may lead to an unexpected application termination or\narbitrary code execution\nDescription:  A stack buffer overflow existed in the QuickTime\nActiveX control\u0027s handling of QTL files. Visiting a maliciously\ncrafted website using Internet Explorer may lead to an unexpected\napplication termination or arbitrary code execution. This issue does\nnot affect Mac OS X systems. Viewing a maliciously crafted movie\nfile may lead to an unexpected application termination or arbitrary\ncode execution. This issue does not affect Mac OS X v10.7 systems. Viewing a maliciously crafted movie\nfile may lead to an unexpected application termination or arbitrary\ncode execution. This issue does not affect Mac OS X v10.7 systems. Viewing a maliciously crafted movie\nfile may lead to an unexpected application termination or arbitrary\ncode execution. This issue does not affect Mac OS X v10.7 systems. Viewing a maliciously crafted movie\nfile may lead to an unexpected application termination or arbitrary\ncode execution. This issue does not affect Mac OS X v10.7 systems. \nCVE-ID\nCVE-2011-0252 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\n\nQuickTime 7.7 may be obtained from the Software Update\napplication, or from the QuickTime Downloads site:\nhttp://www.apple.com/quicktime/download/\n\nFor Mac OS X v10.5.8\nThe download file is named: \"QuickTime77Leopard.dmg\"\nIts SHA-1 digest is: 0deb99cc44015af7c396750d2c9dd4cbd59fb355\n\nFor Windows 7 / Vista / XP SP3\nThe download file is named: \"QuickTimeInstaller.exe\"\nIts SHA-1 digest is: a99f61d67be6a6b42e11d17b0b4f25cd88b74dc9\n\nQuickTime is incorporated into Mac OS X v10.6 and later. \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (Darwin)\n\niQEcBAEBAgAGBQJOOZuHAAoJEGnF2JsdZQeeNWIH/A+KRxzYTBC5nCZQ6m/sRdU0\nOrauYjVbXIj1LUgMS9+I0wW4Zg7xtGBEjYBnqiuNuajP5W2+Ts8mNe75ZlEFlNto\nKFQI7NS/OsTrjCTR1m1sF2zvsyMKDOjviIy90+PDGKejC8c3Zu/Y8GSdZ++I4aEf\nJ2g7BqhBDW/RFOemPGrcvr/iwu3twdkiAHeLXFCcecNCKjSUfoxXDuPd/Ege/kS7\n95wsNkLjypSEuLpcmjATSXp5X58nzbUCsrQ2doPzLy1/8oWiG9XsiZznmcYlLhHg\ntrYm+KIMdqBOQWI3uhG+3dG6l2xkJxdYNxHRHXFh78QH0NblHg9u3PmhELUBeXU=\n=H+iO\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\n\nFrost \u0026 Sullivan 2011 Report: Secunia Vulnerability Research\n\\\"Frost \u0026 Sullivan believes that Secunia continues to be a major player in the vulnerability research market due to its diversity of products that provide best-in-class coverage, quality, and usability.\\\" This is just one of the key factors that influenced Frost \u0026 Sullivan to select Secunia over other companies. \nRead the report here:\nhttp://secunia.com/products/corporate/vim/fs_request_2011/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Mac OS X Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA45054\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45054/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45054\n\nRELEASE DATE:\n2011-06-25\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45054/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45054/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45054\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nApple has issued a security update for Mac OS X, which fixes multiple\nvulnerabilities. \n\n1) An error within AirPort when handling Wi-Fi frames can be\nexploited to trigger an out-of-bounds memory access and cause a\nsystem reset. \n\n2) An error within App Store may lead to a user\u0027s AppleID password\nbeing logged to a local file. \n\n3) An unspecified error in the handling of embedded TrueType fonts in\nApple Type Services (ATS) can be exploited to cause a heap-based\nbuffer overflow when a specially crafted document is viewed or\ndownloaded. \n\n4) An error within Certificate Trust Policy when handling an Extended\nValidation (EV) certificate with no OCSP URL can be exploited to\ndisclose certain sensitive information via Man-in-the-Middle (MitM)\nattacks. \n\n5) An integer overflow error when processing ColorSync profiles\nembedded in images can be exploited to cause a heap-based buffer\noverflow and potentially execute arbitrary code via a specially\ncrafted image. \n\n7) An integer overflow error in CoreGraphics when handling PDF files\ncontaining Type 1 fonts can be exploited to cause a buffer overflow\nvia a specially crafted PDF file. \n\n8) A path validation error within xftpd can be exploited to perform a\nrecursive directory listing and disclose the list of otherwise\nrestricted files. \n\n9) An error in ImageIO within the handling of TIFF files can be\nexploited to cause a heap-based buffer overflow. \n\n10) An error in ImageIO within the handling of JPEG2000 files can be\nexploited to cause a heap-based buffer overflow. \n\n11) An error within ICU (International Components for Unicode) when\nhandling certain uppercase strings can be exploited to cause a buffer\noverflow. \n\n12) A NULL pointer dereference error within the kernel when handling\nIPV6 socket options can be exploited to cause a system reset. \n\n13) An error within Libsystem when using the glob(3) API can be\nexploited to cause a high CPU consumption. \n\n14) An error within libxslt can be exploited to disclose certain\naddresses from the heap. \n\nFor more information see vulnerability #2 in:\nSA43832\n\n15) An error exists within MobileMe when determining a user\u0027s email\naliases. This can be exploited to disclose a user\u0027s MobileMe email\naliases via Man-in-the-Middle (MitM) attacks. \n\n16) Some vulnerabilities are caused due to a vulnerable bundled\nversion of MySQL. \n\nFor more information:\nSA41048\nSA41716\n\n17) Some vulnerabilities are caused due to a vulnerable bundled\nversion of OpenSSL. \n\nFor more information:\nSA37291\nSA38807\nSA42243\nSA42473\nSA43227\n\n18) A vulnerability is caused due to a vulnerable bundled version of\nGNU patch. \n\nFor more information:\nSA43677\n\n19) An unspecified error in QuickLook within the processing of\nMicrosoft Office files can be exploited to corrupt memory, which may\nallow execution of arbitrary code. \n\n25) Some vulnerabilities are caused due to a vulnerable bundled\nversion of Samba. \n\nFor more information:\nSA41354\nSA43512\n\n26) An error in servermgrd when handling XML-RPC requests can be\nexploited to disclose arbitrary files from the local resources. \n\n27) A vulnerability is caused due to a vulnerable bundled version of\nsubversion. \n\nFor more information:\nSA43603\n\nSOLUTION:\nUpdate to version 10.6.8 or apply Security Update 2011-004. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n2) Paul Nelson\n3) Marc Schoenefeld, Red Hat Security Response Team and Harry\nSintonen\n4) Chris Hawk and Wan-Teh Chang, Google\n5) binaryproof via ZDI\n6) Harry Sintonen\n7) Cristian Draghici, Modulo Consulting and Felix Grobert, Google\nSecurity Team\n8) team karlkani\n9) Dominic Chell, NGS Secure\n10) Harry Sintonen\n11) David Bienvenu, Mozilla\n12) Thomas Clement, Intego\n13) Maksymilian Arciemowicz\n14) Chris Evans, Google Chrome Security Team\n15) Aaron Sigel, vtty.com\n19)Tobias Klein via iDefense\n20, 22) Luigi Auriemma via ZDI\n21) Honggang Ren, Fortinet\u0027s FortiGuard Labs\n23) Subreption LLC via ZDI\n24) Luigi Auriemma via iDefense\n\n1, 26) Reported by the vendor\n\nORIGINAL ADVISORY:\nApple Security Update 2011-004:\nhttp://support.apple.com/kb/HT4723\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-0210"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001838"
      },
      {
        "db": "BID",
        "id": "48442"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48155"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-0210"
      },
      {
        "db": "PACKETSTORM",
        "id": "103730"
      },
      {
        "db": "PACKETSTORM",
        "id": "102569"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-0210",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "48442",
        "trust": 1.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001838",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201106-315",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "45054",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "17124",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "17108",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "17420",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2011-06-23-1",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-48155",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-0210",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "103730",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "102569",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48155"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-0210"
      },
      {
        "db": "BID",
        "id": "48442"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001838"
      },
      {
        "db": "PACKETSTORM",
        "id": "103730"
      },
      {
        "db": "PACKETSTORM",
        "id": "102569"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201106-315"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0210"
      }
    ]
  },
  "id": "VAR-201106-0161",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48155"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:06:45.872000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4723",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4723"
      },
      {
        "title": "HT4826",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4826"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001838"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48155"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001838"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0210"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://support.apple.com/kb/ht4723"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2011//jun/msg00000.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/48442"
      },
      {
        "trust": 1.2,
        "url": "http://lists.apple.com/archives/security-announce/2011//aug/msg00000.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0210"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu976710"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu610235"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0210"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/45054"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/17420"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/17124"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/17108"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=23469"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0247"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0210"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0213"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/quicktime/download/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0186"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0246"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0252"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0187"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0250"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0211"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0249"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0245"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0251"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/fs_request_2011/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/45054/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45054"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/45054/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48155"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-0210"
      },
      {
        "db": "BID",
        "id": "48442"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001838"
      },
      {
        "db": "PACKETSTORM",
        "id": "103730"
      },
      {
        "db": "PACKETSTORM",
        "id": "102569"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201106-315"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0210"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-48155"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-0210"
      },
      {
        "db": "BID",
        "id": "48442"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001838"
      },
      {
        "db": "PACKETSTORM",
        "id": "103730"
      },
      {
        "db": "PACKETSTORM",
        "id": "102569"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201106-315"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0210"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-06-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-48155"
      },
      {
        "date": "2011-06-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-0210"
      },
      {
        "date": "2011-06-23T00:00:00",
        "db": "BID",
        "id": "48442"
      },
      {
        "date": "2011-07-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001838"
      },
      {
        "date": "2011-08-04T23:11:35",
        "db": "PACKETSTORM",
        "id": "103730"
      },
      {
        "date": "2011-06-24T11:18:16",
        "db": "PACKETSTORM",
        "id": "102569"
      },
      {
        "date": "2011-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201106-315"
      },
      {
        "date": "2011-06-24T20:55:02.530000",
        "db": "NVD",
        "id": "CVE-2011-0210"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-10-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-48155"
      },
      {
        "date": "2011-10-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-0210"
      },
      {
        "date": "2011-06-23T00:00:00",
        "db": "BID",
        "id": "48442"
      },
      {
        "date": "2011-08-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001838"
      },
      {
        "date": "2011-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201106-315"
      },
      {
        "date": "2024-11-21T01:23:33.073000",
        "db": "NVD",
        "id": "CVE-2011-0210"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201106-315"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Mac OS X of  QuickTime Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001838"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201106-315"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2011-0210 (GCVE-0-2011-0210)

Vulnerability from cvelistv5

fkie_cve-2011-0210

Vulnerability from fkie_nvd

gsd-2011-0210

Vulnerability from gsd

CERTA-2011-AVI-429

Vulnerability from certfr_avis

Description

Solution

CERTA-2011-AVI-369

Vulnerability from certfr_avis

Description

Solution

ghsa-ch8r-8jgx-j3g6

Vulnerability from github

var-201106-0161

Vulnerability from variot

Tags

Sightings

Nomenclature