ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 01:11
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html - | |
References | () http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html - | |
References | () http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html - | |
References | () http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html - Vendor Advisory | |
References | () http://secunia.com/advisories/39135 - | |
References | () http://support.apple.com/kb/HT4070 - Vendor Advisory | |
References | () http://support.apple.com/kb/HT4077 - | |
References | () http://support.apple.com/kb/HT4105 - | |
References | () http://support.apple.com/kb/HT4225 - | |
References | () http://www.securityfocus.com/bid/38671 - Patch | |
References | () http://www.securityfocus.com/bid/38676 - Patch | |
References | () http://www.securitytracker.com/id?1023706 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6885 - |
Information
Published : 2010-03-15 13:28
Updated : 2024-11-21 01:11
NVD link : CVE-2010-0041
Mitre link : CVE-2010-0041
CVE.ORG link : CVE-2010-0041
JSON object : View
Products Affected
apple
- safari
microsoft
- windows
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor