4.3
CVE-2010-0041
- EPSS 2.52%
- Veröffentlicht 15.03.2010 13:28:25
- Zuletzt bearbeitet 16.06.2026 23:15:17
- Quelle product-security@apple.com
- CVE-Watchlists
- Unerledigt
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.52% | 0.828 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://support.apple.com/kb/HT4077
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
http://support.apple.com/kb/HT4225
http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
http://secunia.com/advisories/39135
http://support.apple.com/kb/HT4070
http://support.apple.com/kb/HT4105
http://www.securityfocus.com/bid/38671
http://www.securitytracker.com/id?1023706
http://www.securityfocus.com/bid/38676
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6885