cvelistv5 - cve-2013-1024

CVE-2013-1024 (GCVE-0-2013-1024)

Vulnerability from cvelistv5

Published

2013-06-05 10:00

Modified

2024-08-06 14:49

Severity ?

CWE

Summary

References

URL

Tags

product-security@apple.com	http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
product-security@apple.com	http://support.apple.com/kb/HT5784	Vendor Advisory
product-security@apple.com	http://support.apple.com/kb/HT6001
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5784	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT6001

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:49:20.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2013-10-22-8",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT6001"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5784"
          },
          {
            "name": "APPLE-SA-2013-06-04-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-06-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-23T19:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "APPLE-SA-2013-10-22-8",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT6001"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5784"
        },
        {
          "name": "APPLE-SA-2013-06-04-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2013-1024",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2013-10-22-8",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
            },
            {
              "name": "http://support.apple.com/kb/HT6001",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT6001"
            },
            {
              "name": "http://support.apple.com/kb/HT5784",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5784"
            },
            {
              "name": "APPLE-SA-2013-06-04-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2013-1024",
    "datePublished": "2013-06-05T10:00:00",
    "dateReserved": "2013-01-10T00:00:00",
    "dateUpdated": "2024-08-06T14:49:20.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-1024\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2013-06-05T14:39:55.643\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.\"},{\"lang\":\"es\",\"value\":\"CoreMedia reproducci\u00f3n en Apple Mac OS X anterior a v10.8.4 no inicializa correctamente la memoria durante el procesamiento de pistas de texto, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un archivo de video especialmente dise\u00f1ado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.8.3\",\"matchCriteriaId\":\"489D0901-5D6A-4AA2-B80B-3E706FF1742D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8961F444-48C4-4B54-829B-A1A2D0F2716C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09A0FA11-6211-4962-A6E0-F00732818012\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A36C17C-EBB3-4C42-9C75-6A7F2EE1F22C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A82DEF28-B061-44B3-AF9B-BE529DB457D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFAECA7C-9A9F-4F5D-8E57-7334C34D24F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D318511-0594-4EE0-BA09-1FA110CFDD17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2082D62-3821-4DBA-8690-67489F44C38D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F0DB1BC-DC16-423E-B0C7-8E9C996A50B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E59315BA-B9F1-46A5-86E7-8BE2ED97BA4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38823717-65A1-4587-8F05-32EA9A01084C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BD4E77C-3F87-476B-BB66-75EECDFDB18E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCDC2BD4-B8DB-4B23-82E3-9D2D7A32CBFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"910034A6-3A04-404A-A5BC-D33BD15DCB91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85625414-1AA5-4523-99C0-E27359B568E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8751C7BF-EDDA-4B23-9BE4-5F62B409198D\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://support.apple.com/kb/HT5784\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT6001\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT5784\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT6001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2014-AVI-041

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Apple iTunes. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iTunes versions antérieures à 11.1.4

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT6001 du 22 janvier 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple iTunes versions ant\u00e9rieures \u00e0 11.1.4\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
    },
    {
      "name": "CVE-2013-1045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1045"
    },
    {
      "name": "CVE-2013-1040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1040"
    },
    {
      "name": "CVE-2013-1047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1047"
    },
    {
      "name": "CVE-2012-2871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
    },
    {
      "name": "CVE-2013-1042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1042"
    },
    {
      "name": "CVE-2012-2870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
    },
    {
      "name": "CVE-2013-1043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1043"
    },
    {
      "name": "CVE-2013-1037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1037"
    },
    {
      "name": "CVE-2011-3102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
    },
    {
      "name": "CVE-2013-1024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1024"
    },
    {
      "name": "CVE-2013-5125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5125"
    },
    {
      "name": "CVE-2013-1044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1044"
    },
    {
      "name": "CVE-2014-1242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1242"
    },
    {
      "name": "CVE-2013-5128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5128"
    },
    {
      "name": "CVE-2013-2842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2842"
    },
    {
      "name": "CVE-2013-5126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5126"
    },
    {
      "name": "CVE-2013-1039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1039"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2013-1038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1038"
    },
    {
      "name": "CVE-2013-1046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1046"
    },
    {
      "name": "CVE-2013-5127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5127"
    },
    {
      "name": "CVE-2012-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
    },
    {
      "name": "CVE-2013-1041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1041"
    },
    {
      "name": "CVE-2012-2825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
    }
  ],
  "initial_release_date": "2014-01-24T00:00:00",
  "last_revision_date": "2014-01-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-041",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-01-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple iTunes\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iTunes",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6001 du 22 janvier 2014",
      "url": "http://support.apple.com/kb/HT6001"
    }
  ]
}

CERTA-2013-AVI-605

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Apple iTunes. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à iTunes 11.1.2

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT6001 du 22 octobre 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 iTunes 11.1.2\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
    },
    {
      "name": "CVE-2013-1045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1045"
    },
    {
      "name": "CVE-2013-1040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1040"
    },
    {
      "name": "CVE-2013-1047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1047"
    },
    {
      "name": "CVE-2012-2871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
    },
    {
      "name": "CVE-2013-1042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1042"
    },
    {
      "name": "CVE-2012-2870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
    },
    {
      "name": "CVE-2013-1043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1043"
    },
    {
      "name": "CVE-2013-1037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1037"
    },
    {
      "name": "CVE-2011-3102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
    },
    {
      "name": "CVE-2013-1024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1024"
    },
    {
      "name": "CVE-2013-5125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5125"
    },
    {
      "name": "CVE-2013-1044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1044"
    },
    {
      "name": "CVE-2013-5128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5128"
    },
    {
      "name": "CVE-2013-2842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2842"
    },
    {
      "name": "CVE-2013-5126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5126"
    },
    {
      "name": "CVE-2013-1039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1039"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2013-1038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1038"
    },
    {
      "name": "CVE-2013-1046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1046"
    },
    {
      "name": "CVE-2013-5127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5127"
    },
    {
      "name": "CVE-2012-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
    },
    {
      "name": "CVE-2013-1041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1041"
    },
    {
      "name": "CVE-2012-2825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
    }
  ],
  "initial_release_date": "2013-10-24T00:00:00",
  "last_revision_date": "2013-10-24T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-605",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-10-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple iTunes\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iTunes",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6001 du 22 octobre 2013",
      "url": "http://support.apple.com/kb/HT6001"
    }
  ]
}

CERTA-2013-AVI-340

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Apple OS X. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à OS X Mountain Lion 10.8.4

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT5784 du 04 juin 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 OS X Mountain Lion 10.8.4\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-0982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0982"
    },
    {
      "name": "CVE-2012-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0050"
    },
    {
      "name": "CVE-2013-0984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0984"
    },
    {
      "name": "CVE-2013-0277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0277"
    },
    {
      "name": "CVE-2013-1856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1856"
    },
    {
      "name": "CVE-2011-3210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3210"
    },
    {
      "name": "CVE-2013-1855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1855"
    },
    {
      "name": "CVE-2013-0276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0276"
    },
    {
      "name": "CVE-2011-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
    },
    {
      "name": "CVE-2013-0985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0985"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2011-4576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
    },
    {
      "name": "CVE-2011-4577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4577"
    },
    {
      "name": "CVE-2013-0983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0983"
    },
    {
      "name": "CVE-2013-0989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0989"
    },
    {
      "name": "CVE-2011-4108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
    },
    {
      "name": "CVE-2013-0990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0990"
    },
    {
      "name": "CVE-2013-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0155"
    },
    {
      "name": "CVE-2013-0986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0986"
    },
    {
      "name": "CVE-2013-0988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0988"
    },
    {
      "name": "CVE-2013-1024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1024"
    },
    {
      "name": "CVE-2013-0975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0975"
    },
    {
      "name": "CVE-2011-4109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4109"
    },
    {
      "name": "CVE-2011-3207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3207"
    },
    {
      "name": "CVE-2012-5519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5519"
    },
    {
      "name": "CVE-2011-1945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1945"
    },
    {
      "name": "CVE-2013-0987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0987"
    },
    {
      "name": "CVE-2012-4929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4929"
    },
    {
      "name": "CVE-2013-1854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1854"
    },
    {
      "name": "CVE-2013-0333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0333"
    },
    {
      "name": "CVE-2012-2333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2333"
    },
    {
      "name": "CVE-2013-1857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1857"
    },
    {
      "name": "CVE-2012-2131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
    }
  ],
  "initial_release_date": "2013-06-05T00:00:00",
  "last_revision_date": "2013-06-05T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-340",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-06-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT5784 du 04 juin 2013",
      "url": "http://support.apple.com/kb/HT5784"
    }
  ]
}

gsd-2013-1024

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-1024

Aliases

CVE-2013-1024

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-1024",
    "description": "CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.",
    "id": "GSD-2013-1024"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-1024"
      ],
      "details": "CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.",
      "id": "GSD-2013-1024",
      "modified": "2023-12-13T01:22:20.950499Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2013-1024",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2013-10-22-8",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
          },
          {
            "name": "http://support.apple.com/kb/HT6001",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT6001"
          },
          {
            "name": "http://support.apple.com/kb/HT5784",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT5784"
          },
          {
            "name": "APPLE-SA-2013-06-04-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.8.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2013-1024"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2013-06-04-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
            },
            {
              "name": "http://support.apple.com/kb/HT5784",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT5784"
            },
            {
              "name": "APPLE-SA-2013-10-22-8",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
            },
            {
              "name": "http://support.apple.com/kb/HT6001",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT6001"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2014-01-28T04:50Z",
      "publishedDate": "2013-06-05T14:39Z"
    }
  }
}

var-201306-0036

Vulnerability from variot

CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. These issues affect OS X prior to 10.8.4. Apple Mac OS X is prone to a remote code execution vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Note: This issue was previously covered in BID 60329 (Apple Mac OS X Security Update 2013-002 Multiple Security Vulnerabilities), but has been given its own record to better document it. An attacker with a privileged network position may inject arbitrary contents. This issue was addressed by using an encrypted HTTPS connection to retrieve tutorials. CVE-ID CVE-2013-1037 : Google Chrome Security Team CVE-2013-1038 : Google Chrome Security Team CVE-2013-1039 : own-hero Research working with iDefense VCP CVE-2013-1040 : Google Chrome Security Team CVE-2013-1041 : Google Chrome Security Team CVE-2013-1042 : Google Chrome Security Team CVE-2013-1043 : Google Chrome Security Team CVE-2013-1044 : Apple CVE-2013-1045 : Google Chrome Security Team CVE-2013-1046 : Google Chrome Security Team CVE-2013-1047 : miaubiz CVE-2013-2842 : Cyril Cattiaux CVE-2013-5125 : Google Chrome Security Team CVE-2013-5126 : Apple CVE-2013-5127 : Google Chrome Security Team CVE-2013-5128 : Apple

libxml Available for: Windows 8, Windows 7, Vista, XP SP2 or later Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code executionn Description: Multiple memory corruption issues existed in libxml. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002

OS X Mountain Lion v10.8.4 and Security Update 2013-002 is now available and addresses the following:

CFNetwork Available for: OS X Mountain Lion v10.8 to v10.8.3 Impact: An attacker with access to a user's session may be able to log into previously accessed sites, even if Private Browsing was used Description: Permanent cookies were saved after quitting Safari, even when Private Browsing was enabled. This issue was addressed by improved handling of cookies. CVE-ID CVE-2013-0982 : Alexander Traud of www.traud.de

CoreAnimation Available for: OS X Mountain Lion v10.8 to v10.8.3 Impact: Visiting a maliciously crafted site may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of text glyphs. This could be triggered by maliciously crafted URLs in Safari. The issue was addressed through improved bounds checking. This issue was addressed by additional validation of text tracks. CVE-ID CVE-2013-1024 : Richard Kuo and Billy Suguitan of Triemt Corporation

CUPS Available for: OS X Mountain Lion v10.8 to v10.8.3 Impact: A local user in the lpadmin group may be able to read or write arbitrary files with system privileges Description: A privilege escalation issue existed in the handling of CUPS configuration via the CUPS web interface. A local user in the lpadmin group may be able to read or write arbitrary files with system privileges. This issue was addressed by moving certain configuration directives to cups-files.conf, which can not be modified from the CUPS web interface. By sending a maliciously crafted message, a remote attacker could cause the directory server to terminate or execute arbitrary code with system privileges. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0984 : Nicolas Economou of Core Security

Disk Management Available for: OS X Mountain Lion v10.8 to v10.8.3 Impact: A local user may disable FileVault Description: A local user who is not an administrator may disable FileVault using the command-line. This issue was addressed by adding additional authentication. This issue was addressed by disabling compression in OpenSSL. Further information is available via the OpenSSL website at http://www.openssl.org/news/ CVE-ID CVE-2011-1945 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0050 CVE-2012-2110 CVE-2012-2131 CVE-2012-2333

QuickDraw Manager Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2 Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PICT images. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0975 : Tobias Klein working with HP's Zero Day Initiative

QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'enof' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0986 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative

QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3 Impact: Viewing a maliciously crafted QTIF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of QTIF files. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0988 : G. Geshev working with HP's Zero Day Initiative

QuickTime Available for: OS X Mountain Lion v10.8 to v10.8.3 Impact: Playing a maliciously crafted MP3 file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of MP3 files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0989 : G. Geshev working with HP's Zero Day Initiative

Ruby Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8 Impact: Multiple vulnerabilities in Ruby on Rails Description: Multiple vulnerabilities existed in Ruby on Rails, the most serious of which may lead to arbitrary code execution on systems running Ruby on Rails applications. These issues were addressed by updating Ruby on Rails to version 2.3.18. Users can update affected gems on such systems by using the /usr/bin/gem utility. CVE-ID CVE-2013-0155 CVE-2013-0276 CVE-2013-0277 CVE-2013-0333 CVE-2013-1854 CVE-2013-1855 CVE-2013-1856 CVE-2013-1857

SMB Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3 Impact: An authenticated user may be able to write files outside the shared directory Description: If SMB file sharing is enabled, an authenticated user may be able to write files outside the shared directory. This issue was addressed through improved access control. CVE-ID CVE-2013-0990 : Ward van Wanrooij

Note: Starting with OS X 10.8.4, Java Web Start (i.e. JNLP) applications downloaded from the Internet need to be signed with a Developer ID certificate. Gatekeeper will check downloaded Java Web Start applications for a signature and block such applications from launching if they are not properly signed.

Note: OS X Mountain Lion v10.8.4 includes the content of Safari 6.0.5. For further details see "About the security content of Safari 6.0.5" at http://http//support.apple.com/kb/HT5785

OS X Mountain Lion v10.8.4 and Security Update 2013-002 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies to your system configuration. Only one is needed, either OS X Mountain Lion v10.8.4, or Security Update 2013-002.

For OS X Mountain Lion v10.8.3 The download file is named: OSXUpd10.8.4.dmg Its SHA-1 digest is: 9cf99aa1293cefdac0fb9a24ea133c80f8237b5e

For OS X Mountain Lion v10.8 and v10.8.2 The download file is named: OSXUpdCombo10.8.4.dmg Its SHA-1 digest is: 3c95d0c8d0c7f43339a5f4e137e386dd5fe409c3

For OS X Lion v10.7.5 The download file is named: SecUpd2013-002.dmg Its SHA-1 digest is: cfc3bd0941d7c5838aee9e92ee087d78abff3ce7

For OS X Lion Server v10.7.5 The download file is named: SecUpdSrvr2013-002.dmg Its SHA-1 digest is: 34dff575a145e13404e7a2ee8a390d3e7c56fb5e

For Mac OS X v10.6.8 The download file is named: SecUpd2013-002.dmg Its SHA-1 digest is: 5da54b38ffb8c147925c3018a8f5bf30ad4ac5b1

For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2013-002.dmg Its SHA-1 digest is: b20271f019930fe894c2247a6d5e05f00568b583

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJRrjkiAAoJEPefwLHPlZEwW+AP/0x/cHS3VPY0/a98Xpmdfkdb eo9Ns5FKw6mIkUftrN6qwNAgFXWqQXNIbJ3q8ZnoxcFPakhYyPSp4XowpR79l7kG B2ZrdTx9aIn2bfHZ+h4cE8XnVL8qUDz2RxFopOGbb+wpJxl8/fehDmWokC5wCeF5 N7mnwW2s37QL73BmAMRdi6CYcJCKwhZWGFWmqiNvpFlUP+kcjU/UM1MAzOu0xsiA PD6NrWeUOWfFrcQgx/pspWGvrFyV4FLu+0wQBl9f/DiQNrwVXIr85rHtah+b1NCU pteSxQwb4kRojXdPm4+I3LKoghzGR8xD6+Xl6KdYgReSW89Di4bKM3WpbRLqhRuq 8kv38Gk3/vZDfAnuNQX09dE6EgJ0DVu86SoRQZ1iYRQoLrizVsOvyVQUojZhT47t 6l44L/5cNJd7EcaC8hdmr44cCZdMPDEqoKzn2BavH62WYXbZMPlHBDo/H2ujUUec i7XU7LA1Upw57X4wmIUU4QrlBhNBh39yRKh3katAklayFBjOMEyyL57gURvd6O77 gFOQpUQ6kgqwgQCrtNT6R96igfyu7cVxYW7XchZDHgA3n/YWOAVvXkVeeQ5OUGzC O0UYLMBpPka31yfWP23QaXpV+LW462raI6LnMvRP1245RhokTTThZw6/9xochK2V +VoeoamqaQqZGyOiObbU =vG2v -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201306-0036",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.7.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.7.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.7.4"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.7.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.7.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.7.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.8.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.7.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.7.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.8.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.7.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.7.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.7.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.8.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.7.0"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.8.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.7 to  v10.7.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.8 to  v10.8.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.7 to  v10.7.5"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.1.4   (windows 7)"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.1.4   (windows 8)"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.1.4   (windows vista)"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.1.4   (windows xp sp2 or later )"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "directory pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cosmicperl",
        "version": "10.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "60329"
      },
      {
        "db": "BID",
        "id": "60368"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002894"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-087"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1024"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:itunes",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002894"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ward van Wanrooij, Alexander Traud of www.traud.de, David Fifield of Stanford University, Ben Syverson, Richard Kuo and Billy Suguitan of Triemt Corporation, Tobias Klein working with HP\u0027s Zero Day Initiative",
    "sources": [
      {
        "db": "BID",
        "id": "60329"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-1024",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2013-1024",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-61026",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-1024",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-1024",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201306-087",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-61026",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61026"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002894"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-087"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1024"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. \nThese issues affect OS X prior to 10.8.4. Apple Mac OS X is prone to a remote code execution vulnerability. \nAttackers can exploit this issue to execute arbitrary code within the context of the affected application.     Failed exploit attempts will result in a denial-of-service condition. \nNote: This issue was previously covered in BID 60329 (Apple Mac OS X Security Update 2013-002 Multiple Security Vulnerabilities), but has been given its own record to better document it. An\nattacker with a privileged network position may inject arbitrary\ncontents. This issue was addressed by using an encrypted HTTPS\nconnection to retrieve tutorials. \nCVE-ID\nCVE-2013-1037 : Google Chrome Security Team\nCVE-2013-1038 : Google Chrome Security Team\nCVE-2013-1039 : own-hero Research working with iDefense VCP\nCVE-2013-1040 : Google Chrome Security Team\nCVE-2013-1041 : Google Chrome Security Team\nCVE-2013-1042 : Google Chrome Security Team\nCVE-2013-1043 : Google Chrome Security Team\nCVE-2013-1044 : Apple\nCVE-2013-1045 : Google Chrome Security Team\nCVE-2013-1046 : Google Chrome Security Team\nCVE-2013-1047 : miaubiz\nCVE-2013-2842 : Cyril Cattiaux\nCVE-2013-5125 : Google Chrome Security Team\nCVE-2013-5126 : Apple\nCVE-2013-5127 : Google Chrome Security Team\nCVE-2013-5128 : Apple\n\nlibxml\nAvailable for:  Windows 8, Windows 7, Vista, XP SP2 or later\nImpact:  A man-in-the-middle attack while browsing the iTunes Store\nvia iTunes may lead to an unexpected application termination or\narbitrary code executionn\nDescription:  Multiple memory corruption issues existed in libxml. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update\n2013-002\n\nOS X Mountain Lion v10.8.4 and Security Update 2013-002 is now\navailable and addresses the following:\n\nCFNetwork\nAvailable for:  OS X Mountain Lion v10.8 to v10.8.3\nImpact:  An attacker with access to a user\u0027s session may be able to\nlog into previously accessed sites, even if Private Browsing was used\nDescription:  Permanent cookies were saved after quitting Safari,\neven when Private Browsing was enabled. This issue was addressed by\nimproved handling of cookies. \nCVE-ID\nCVE-2013-0982 : Alexander Traud of www.traud.de\n\nCoreAnimation\nAvailable for:  OS X Mountain Lion v10.8 to v10.8.3\nImpact:  Visiting a maliciously crafted site may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  An unbounded stack allocation issue existed in the\nhandling of text glyphs. This could be triggered by maliciously\ncrafted URLs in Safari. The issue was addressed through improved\nbounds checking. This issue was addressed by additional\nvalidation of text tracks. \nCVE-ID\nCVE-2013-1024 : Richard Kuo and Billy Suguitan of Triemt Corporation\n\nCUPS\nAvailable for:  OS X Mountain Lion v10.8 to v10.8.3\nImpact:  A local user in the lpadmin group may be able to read or\nwrite arbitrary files with system privileges\nDescription:  A privilege escalation issue existed in the handling of\nCUPS configuration via the CUPS web interface. A local user in the\nlpadmin group may be able to read or write arbitrary files with\nsystem privileges. This issue was addressed by moving certain\nconfiguration directives to cups-files.conf, which can not be\nmodified from the CUPS web interface. By sending a maliciously crafted message,\na remote attacker could cause the directory server to terminate or\nexecute arbitrary code with system privileges. This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2013-0984 : Nicolas Economou of Core Security\n\nDisk Management\nAvailable for:  OS X Mountain Lion v10.8 to v10.8.3\nImpact:  A local user may disable FileVault\nDescription:  A local user who is not an administrator may disable\nFileVault using the command-line. This issue was addressed by adding\nadditional authentication. This issue was addressed by\ndisabling compression in OpenSSL. Further information is available via the\nOpenSSL website at http://www.openssl.org/news/\nCVE-ID\nCVE-2011-1945\nCVE-2011-3207\nCVE-2011-3210\nCVE-2011-4108\nCVE-2011-4109\nCVE-2011-4576\nCVE-2011-4577\nCVE-2011-4619\nCVE-2012-0050\nCVE-2012-2110\nCVE-2012-2131\nCVE-2012-2333\n\nQuickDraw Manager\nAvailable for:  OS X Lion v10.7 to v10.7.5,\nOS X Lion Server v10.7 to v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.2\nImpact:  Opening a maliciously crafted PICT image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in the handling of PICT\nimages. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2013-0975 : Tobias Klein working with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.3\nImpact:  Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in the handling of \u0027enof\u0027\natoms. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2013-0986 : Tom Gallagher (Microsoft) \u0026 Paul Bates (Microsoft)\nworking with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.3\nImpact:  Viewing a maliciously crafted QTIF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\nQTIF files. This issue was addressed through improved bounds\nchecking. \nThis issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2013-0988 : G. Geshev working with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for:  OS X Mountain Lion v10.8 to v10.8.3\nImpact:  Playing a maliciously crafted MP3 file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in the handling of MP3 files. \nThis issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2013-0989 : G. Geshev working with HP\u0027s Zero Day Initiative\n\nRuby\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8\nImpact:  Multiple vulnerabilities in Ruby on Rails\nDescription:  Multiple vulnerabilities existed in Ruby on Rails, the\nmost serious of which may lead to arbitrary code execution on systems\nrunning Ruby on Rails applications. These issues were addressed by\nupdating Ruby on Rails to version 2.3.18. Users can update affected gems on such systems by\nusing the /usr/bin/gem utility. \nCVE-ID\nCVE-2013-0155\nCVE-2013-0276\nCVE-2013-0277\nCVE-2013-0333\nCVE-2013-1854\nCVE-2013-1855\nCVE-2013-1856\nCVE-2013-1857\n\nSMB\nAvailable for:  OS X Lion v10.7 to v10.7.5,\nOS X Lion Server v10.7 to v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.3\nImpact:  An authenticated user may be able to write files outside the\nshared directory\nDescription:  If SMB file sharing is enabled, an authenticated user\nmay be able to write files outside the shared directory. This issue\nwas addressed through improved access control. \nCVE-ID\nCVE-2013-0990 : Ward van Wanrooij\n\nNote: Starting with OS X 10.8.4, Java Web Start (i.e. JNLP)\napplications downloaded from the Internet need to be signed with\na Developer ID certificate. Gatekeeper will check downloaded\nJava Web Start applications for a signature and block such\napplications from launching if they are not properly signed. \n\nNote: OS X Mountain Lion v10.8.4 includes the content of\nSafari 6.0.5. For further details see \"About the security content\nof Safari 6.0.5\" at http://http//support.apple.com/kb/HT5785\n\nOS X Mountain Lion v10.8.4 and Security Update 2013-002 may be\nobtained from the Software Update pane in System Preferences,\nor Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nOS X Mountain Lion v10.8.4, or Security Update\n2013-002. \n\nFor OS X Mountain Lion v10.8.3\nThe download file is named: OSXUpd10.8.4.dmg\nIts SHA-1 digest is: 9cf99aa1293cefdac0fb9a24ea133c80f8237b5e\n\nFor OS X Mountain Lion v10.8 and v10.8.2\nThe download file is named: OSXUpdCombo10.8.4.dmg\nIts SHA-1 digest is: 3c95d0c8d0c7f43339a5f4e137e386dd5fe409c3\n\nFor OS X Lion v10.7.5\nThe download file is named: SecUpd2013-002.dmg\nIts SHA-1 digest is: cfc3bd0941d7c5838aee9e92ee087d78abff3ce7\n\nFor OS X Lion Server v10.7.5\nThe download file is named: SecUpdSrvr2013-002.dmg\nIts SHA-1 digest is: 34dff575a145e13404e7a2ee8a390d3e7c56fb5e\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2013-002.dmg\nIts SHA-1 digest is: 5da54b38ffb8c147925c3018a8f5bf30ad4ac5b1\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2013-002.dmg\nIts SHA-1 digest is: b20271f019930fe894c2247a6d5e05f00568b583\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJRrjkiAAoJEPefwLHPlZEwW+AP/0x/cHS3VPY0/a98Xpmdfkdb\neo9Ns5FKw6mIkUftrN6qwNAgFXWqQXNIbJ3q8ZnoxcFPakhYyPSp4XowpR79l7kG\nB2ZrdTx9aIn2bfHZ+h4cE8XnVL8qUDz2RxFopOGbb+wpJxl8/fehDmWokC5wCeF5\nN7mnwW2s37QL73BmAMRdi6CYcJCKwhZWGFWmqiNvpFlUP+kcjU/UM1MAzOu0xsiA\nPD6NrWeUOWfFrcQgx/pspWGvrFyV4FLu+0wQBl9f/DiQNrwVXIr85rHtah+b1NCU\npteSxQwb4kRojXdPm4+I3LKoghzGR8xD6+Xl6KdYgReSW89Di4bKM3WpbRLqhRuq\n8kv38Gk3/vZDfAnuNQX09dE6EgJ0DVu86SoRQZ1iYRQoLrizVsOvyVQUojZhT47t\n6l44L/5cNJd7EcaC8hdmr44cCZdMPDEqoKzn2BavH62WYXbZMPlHBDo/H2ujUUec\ni7XU7LA1Upw57X4wmIUU4QrlBhNBh39yRKh3katAklayFBjOMEyyL57gURvd6O77\ngFOQpUQ6kgqwgQCrtNT6R96igfyu7cVxYW7XchZDHgA3n/YWOAVvXkVeeQ5OUGzC\nO0UYLMBpPka31yfWP23QaXpV+LW462raI6LnMvRP1245RhokTTThZw6/9xochK2V\n+VoeoamqaQqZGyOiObbU\n=vG2v\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-1024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002894"
      },
      {
        "db": "BID",
        "id": "60329"
      },
      {
        "db": "BID",
        "id": "60368"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61026"
      },
      {
        "db": "PACKETSTORM",
        "id": "124932"
      },
      {
        "db": "PACKETSTORM",
        "id": "121919"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-1024",
        "trust": 3.3
      },
      {
        "db": "JVN",
        "id": "JVNVU95174988",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94321146",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002894",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-087",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2013-06-04-1",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "53684",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "60368",
        "trust": 0.4
      },
      {
        "db": "BID",
        "id": "60329",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-61026",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124932",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "121919",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61026"
      },
      {
        "db": "BID",
        "id": "60329"
      },
      {
        "db": "BID",
        "id": "60368"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002894"
      },
      {
        "db": "PACKETSTORM",
        "id": "124932"
      },
      {
        "db": "PACKETSTORM",
        "id": "121919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-087"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1024"
      }
    ]
  },
  "id": "VAR-201306-0036",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61026"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T12:11:45.085000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2013-10-22-8",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
      },
      {
        "title": "APPLE-SA-2013-06-04-1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
      },
      {
        "title": "HT6001",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6001"
      },
      {
        "title": "HT5784",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5784"
      },
      {
        "title": "HT6001",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6001?viewlocale=ja_JP"
      },
      {
        "title": "HT5784",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5784?viewlocale=ja_JP\u0026locale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002894"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61026"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002894"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1024"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2013/jun/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht5784"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2013/oct/msg00009.html"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht6001"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1024"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu95174988/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94321146/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1024"
      },
      {
        "trust": 0.6,
        "url": "http://www.apple.com"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/53684"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1024"
      },
      {
        "trust": 0.2,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1039"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1045"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0841"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5125"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1043"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1041"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5134"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1040"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1038"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5126"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1044"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1042"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2807"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2825"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1046"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2871"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2870"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1047"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5127"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2842"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1242"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1037"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/itunes/download/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3102"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4929"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2333"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0155"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0276"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1857"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0984"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0988"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://www.traud.de"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5519"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0989"
      },
      {
        "trust": 0.1,
        "url": "http://www.openssl.org/news/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2131"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0333"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0982"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0986"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1856"
      },
      {
        "trust": 0.1,
        "url": "http://http//support.apple.com/kb/ht5785"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0987"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1854"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1855"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0990"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0975"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0985"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0983"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0277"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61026"
      },
      {
        "db": "BID",
        "id": "60329"
      },
      {
        "db": "BID",
        "id": "60368"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002894"
      },
      {
        "db": "PACKETSTORM",
        "id": "124932"
      },
      {
        "db": "PACKETSTORM",
        "id": "121919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-087"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1024"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-61026"
      },
      {
        "db": "BID",
        "id": "60329"
      },
      {
        "db": "BID",
        "id": "60368"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002894"
      },
      {
        "db": "PACKETSTORM",
        "id": "124932"
      },
      {
        "db": "PACKETSTORM",
        "id": "121919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-087"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1024"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-06-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-61026"
      },
      {
        "date": "2013-06-04T00:00:00",
        "db": "BID",
        "id": "60329"
      },
      {
        "date": "2013-06-04T00:00:00",
        "db": "BID",
        "id": "60368"
      },
      {
        "date": "2013-06-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-002894"
      },
      {
        "date": "2014-01-24T01:33:33",
        "db": "PACKETSTORM",
        "id": "124932"
      },
      {
        "date": "2013-06-06T14:44:44",
        "db": "PACKETSTORM",
        "id": "121919"
      },
      {
        "date": "2013-06-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201306-087"
      },
      {
        "date": "2013-06-05T14:39:55.643000",
        "db": "NVD",
        "id": "CVE-2013-1024"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-61026"
      },
      {
        "date": "2013-06-04T00:00:00",
        "db": "BID",
        "id": "60329"
      },
      {
        "date": "2014-01-24T00:53:00",
        "db": "BID",
        "id": "60368"
      },
      {
        "date": "2014-02-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-002894"
      },
      {
        "date": "2013-06-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201306-087"
      },
      {
        "date": "2014-01-28T04:50:59.727000",
        "db": "NVD",
        "id": "CVE-2013-1024"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "60329"
      },
      {
        "db": "BID",
        "id": "60368"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Mac OS X of  CoreMedia Playback Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002894"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "60329"
      },
      {
        "db": "BID",
        "id": "60368"
      }
    ],
    "trust": 0.6
  }
}

ghsa-c792-63qr-fg7v

Vulnerability from github

Published

2022-05-17 04:53

Modified

2022-05-17 04:53

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-1024"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-06-05T14:39:00Z",
    "severity": "MODERATE"
  },
  "details": "CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.",
  "id": "GHSA-c792-63qr-fg7v",
  "modified": "2022-05-17T04:53:50Z",
  "published": "2022-05-17T04:53:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1024"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5784"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT6001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2013-1024

Vulnerability from fkie_nvd

Published

2013-06-05 14:39

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
product-security@apple.com	http://support.apple.com/kb/HT5784	Vendor Advisory
product-security@apple.com	http://support.apple.com/kb/HT6001
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5784	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT6001

Impacted products

Vendor	Product	Version
apple	mac_os_x	*
apple	mac_os_x	10.7.0
apple	mac_os_x	10.7.1
apple	mac_os_x	10.7.2
apple	mac_os_x	10.7.3
apple	mac_os_x	10.7.4
apple	mac_os_x	10.7.5
apple	mac_os_x	10.8.0
apple	mac_os_x	10.8.1
apple	mac_os_x	10.8.2
apple	mac_os_x_server	10.7.0
apple	mac_os_x_server	10.7.1
apple	mac_os_x_server	10.7.2
apple	mac_os_x_server	10.7.3
apple	mac_os_x_server	10.7.4
apple	mac_os_x_server	10.7.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "489D0901-5D6A-4AA2-B80B-3E706FF1742D",
              "versionEndIncluding": "10.8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8961F444-48C4-4B54-829B-A1A2D0F2716C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09A0FA11-6211-4962-A6E0-F00732818012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A36C17C-EBB3-4C42-9C75-6A7F2EE1F22C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82DEF28-B061-44B3-AF9B-BE529DB457D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFAECA7C-9A9F-4F5D-8E57-7334C34D24F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D318511-0594-4EE0-BA09-1FA110CFDD17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2082D62-3821-4DBA-8690-67489F44C38D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F0DB1BC-DC16-423E-B0C7-8E9C996A50B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E59315BA-B9F1-46A5-86E7-8BE2ED97BA4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38823717-65A1-4587-8F05-32EA9A01084C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BD4E77C-3F87-476B-BB66-75EECDFDB18E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCDC2BD4-B8DB-4B23-82E3-9D2D7A32CBFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "910034A6-3A04-404A-A5BC-D33BD15DCB91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "85625414-1AA5-4523-99C0-E27359B568E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8751C7BF-EDDA-4B23-9BE4-5F62B409198D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file."
    },
    {
      "lang": "es",
      "value": "CoreMedia reproducci\u00f3n en Apple Mac OS X anterior a v10.8.4 no inicializa correctamente la memoria durante el procesamiento de pistas de texto, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un archivo de video especialmente dise\u00f1ado."
    }
  ],
  "id": "CVE-2013-1024",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-06-05T14:39:55.643",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT5784"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://support.apple.com/kb/HT6001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT5784"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT6001"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2013-1024 (GCVE-0-2013-1024)

Vulnerability from cvelistv5

CERTFR-2014-AVI-041

Vulnerability from certfr_avis

Solution

CERTA-2013-AVI-605

Vulnerability from certfr_avis

Solution

CERTA-2013-AVI-340

Vulnerability from certfr_avis

Solution

gsd-2013-1024

Vulnerability from gsd

var-201306-0036

Vulnerability from variot

ghsa-c792-63qr-fg7v

Vulnerability from github

fkie_cve-2013-1024

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature