var-201011-0166
Vulnerability from variot

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the way QuickTime decompresses video samples that are encoded with the Sorenson v3 Codec. Upon parsing malformed video sample data, the application will calculate an index for decompression and use that to seek into a buffer used for writing. Due to lack of bounds checking on the index, a pointer can be made to point outside of the target array. Upon writing of the data a memory corruption will occur. Successful exploitation can lead to code execution under the context of the application.

Apple QuickTime is prone to a remote memory corruption vulnerability. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. This issue affects Apple Mac OS X 10.6 to 10.6.4 and Mac OS X Server 10.6 to 10.6.4. NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple QuickTime is a very popular multimedia player.

======================================================================

                 Secunia Research 11/11/2010

- QuickTime Sorenson Video 3 Array-Indexing Vulnerability -

======================================================================
Table of Contents

1) Affected Software
2) Severity
3) Vendor's Description of Software
4) Description of Vulnerability
5) Solution
6) Time Table
7) Credits
8) References
9) About Secunia
10) Verification

======================================================================
1) Affected Software

  • Apple QuickTime 7.6.6 and 7.6.8

NOTE: Other versions may also be affected.

======================================================================
2) Severity

Rating: Highly critical
Impact: System compromise
Where: Remote

======================================================================
3) Vendor's Description of Software

"When you hop aboard QuickTime 7 Player, you're assured of a truly rich multimedia experience.".

Product Link: http://www.apple.com/quicktime/player/

======================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in QuickTime, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an array-indexing error when parsing Sorenson Video 3 content and can be exploited to corrupt memory during decompression via a specially crafted file.

======================================================================
5) Solution

This will be addressed in an upcoming version for Windows.

======================================================================
6) Time Table

13/04/2010 - Vendor notified.
13/04/2010 - Vendor response.
26/10/2010 - Vendor provides status update.
11/11/2010 - Public disclosure.

======================================================================
7) Credits

Discovered by Carsten Eiram, Secunia Research.

======================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2010-3793 for the vulnerability.

======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2010-60/

Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/

======================================================================



TITLE: Apple QuickTime Sorenson Video 3 Array-Indexing Vulnerability

SECUNIA ADVISORY ID: SA39259

VERIFY ADVISORY:
Secunia.com: http://secunia.com/advisories/39259/
Customer Area (Credentials Required): https://ca.secunia.com/?page=viewadvisory&vuln_id=39259

RELEASE DATE: 2010-11-11

DISCUSS ADVISORY: http://secunia.com/advisories/39259/#comments


DESCRIPTION: Secunia Research has discovered a vulnerability in QuickTime, which can be exploited by malicious people to compromise a user's system.

The vulnerability is confirmed in versions 7.6.6 and 7.6.8. Other versions may also be affected.

The vendor also credits an anonymous person via ZDI.

ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4435

Secunia Research: http://secunia.com/secunia_research/2010-60/



ZDI-10-249: Apple Quicktime Sorenson Video Codec Decoding Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-249

November 10, 2010

-- CVE ID: CVE-2010-3793

-- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors: Apple

-- Affected Products: Apple Quicktime

-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9683.

-- Vendor Response: Apple states: Fixed in Mac OS X 10.6.5: http://support.apple.com/kb/HT4435

-- Disclosure Timeline:
2010-03-22 - Vulnerability reported to vendor
2010-11-10 - Coordinated public release of advisory

-- Credit: This vulnerability was discovered by: * Anonymous

-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:

http://twitter.com/thezdi



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0166",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "quicktime",
        "scope": null,
        "trust": 1.3,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.4"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.3"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "*"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6 to  v10.6.4"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6 to  v10.6.4"
      },
      {
        "model": "quicktime",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.6.9"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.8"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.7"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.6(1671)"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.6"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.64.17.73"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "quicktime player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.9"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-10-249"
      },
      {
        "db": "BID",
        "id": "44789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002437"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-179"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3793"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:quicktime",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002437"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anonymous",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-10-249"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2010-3793",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2010-3793",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2010-3793",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-46398",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2010-3793",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2010-3793",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "ZDI",
            "id": "CVE-2010-3793",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201011-179",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-46398",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-10-249"
      },
      {
        "db": "VULHUB",
        "id": "VHN-46398"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002437"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-179"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3793"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-3793"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002437"
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-249"
      },
      {
        "db": "BID",
        "id": "44789"
      },
      {
        "db": "VULHUB",
        "id": "VHN-46398"
      },
      {
        "db": "PACKETSTORM",
        "id": "95772"
      },
      {
        "db": "PACKETSTORM",
        "id": "95745"
      },
      {
        "db": "PACKETSTORM",
        "id": "95912"
      }
    ],
    "trust": 2.88
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-46398",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46398"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-3793",
        "trust": 3.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-249",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1024729",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002437",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-732",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-179",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "39259",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "15998",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2010-11-10-1",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "44789",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "95912",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "95772",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-46398",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "95745",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-10-249"
      },
      {
        "db": "VULHUB",
        "id": "VHN-46398"
      },
      {
        "db": "BID",
        "id": "44789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002437"
      },
      {
        "db": "PACKETSTORM",
        "id": "95772"
      },
      {
        "db": "PACKETSTORM",
        "id": "95745"
      },
      {
        "db": "PACKETSTORM",
        "id": "95912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-179"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3793"
      }
    ]
  },
  "id": "VAR-201011-0166",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46398"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:30:20.378000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4435",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4435"
      },
      {
        "title": "HT4447",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4447"
      },
      {
        "title": "HT4435",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4435?viewlocale=ja_JP"
      },
      {
        "title": "HT4447",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4447?viewlocale=ja_JP"
      },
      {
        "title": "Fixed in Mac OS X 10.6.5:  7.6.9: http://support.apple.com/kb/HT4447",
        "trust": 0.7,
        "url": "http://support.apple.com/kb/HT4435QuickTime"
      },
      {
        "title": "QuickTimeInstaller",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35225"
      },
      {
        "title": "MacOSXUpdCombo10.6.5",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35034"
      },
      {
        "title": "MacOSXUpd10.6.5",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35033"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-10-249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002437"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-179"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46398"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002437"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3793"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://support.apple.com/kb/ht4435"
      },
      {
        "trust": 1.8,
        "url": "http://support.apple.com/kb/ht4447"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2010//dec/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1024729"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3793"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu331391"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu387412"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3793"
      },
      {
        "trust": 0.7,
        "url": "http://support.apple.com/kb/ht4435quicktime"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/39259"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/15998"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/secunia_research/2010-60/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/quicktime/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-249/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3793"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_research/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/corporate/jobs/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/mailing_lists/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/quicktime/player/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/39259/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=39259"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/39259/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
      },
      {
        "trust": 0.1,
        "url": "http://twitter.com/thezdi"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-249"
      },
      {
        "trust": 0.1,
        "url": "http://www.tippingpoint.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-10-249"
      },
      {
        "db": "VULHUB",
        "id": "VHN-46398"
      },
      {
        "db": "BID",
        "id": "44789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002437"
      },
      {
        "db": "PACKETSTORM",
        "id": "95772"
      },
      {
        "db": "PACKETSTORM",
        "id": "95745"
      },
      {
        "db": "PACKETSTORM",
        "id": "95912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-179"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3793"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-10-249"
      },
      {
        "db": "VULHUB",
        "id": "VHN-46398"
      },
      {
        "db": "BID",
        "id": "44789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002437"
      },
      {
        "db": "PACKETSTORM",
        "id": "95772"
      },
      {
        "db": "PACKETSTORM",
        "id": "95745"
      },
      {
        "db": "PACKETSTORM",
        "id": "95912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-179"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3793"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-11-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-10-249"
      },
      {
        "date": "2010-11-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-46398"
      },
      {
        "date": "2010-11-10T00:00:00",
        "db": "BID",
        "id": "44789"
      },
      {
        "date": "2010-12-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002437"
      },
      {
        "date": "2010-11-11T17:55:22",
        "db": "PACKETSTORM",
        "id": "95772"
      },
      {
        "date": "2010-11-12T07:59:14",
        "db": "PACKETSTORM",
        "id": "95745"
      },
      {
        "date": "2010-11-17T23:27:25",
        "db": "PACKETSTORM",
        "id": "95912"
      },
      {
        "date": "2010-11-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201011-179"
      },
      {
        "date": "2010-11-16T22:00:16.353000",
        "db": "NVD",
        "id": "CVE-2010-3793"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-11-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-10-249"
      },
      {
        "date": "2010-12-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-46398"
      },
      {
        "date": "2010-12-07T20:35:00",
        "db": "BID",
        "id": "44789"
      },
      {
        "date": "2010-12-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002437"
      },
      {
        "date": "2010-11-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201011-179"
      },
      {
        "date": "2024-11-21T01:19:37.417000",
        "db": "NVD",
        "id": "CVE-2010-3793"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "95912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-179"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Mac OS X of  QuickTime Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002437"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-179"
      }
    ],
    "trust": 0.6
  }
}

