Vulnerability Details CVE-2010-0516
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed data exceeds that of the allocated heap chunk.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.035
EPSS Ranking 87.1%
CVSS Severity
CVSS v2 Score 6.8
References
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html
- http://support.apple.com/kb/HT4077
- http://www.securityfocus.com/archive/1/510513/100/0/threaded
- http://www.zerodayinitiative.com/advisories/ZDI-10-040
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7062
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html
- http://support.apple.com/kb/HT4077
- http://www.securityfocus.com/archive/1/510513/100/0/threaded
- http://www.zerodayinitiative.com/advisories/ZDI-10-040
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7062
Products affected by CVE-2010-0516
-
cpe:2.3:o:apple:mac_os_x:10.6.0
-
cpe:2.3:o:apple:mac_os_x:10.6.1
-
cpe:2.3:o:apple:mac_os_x:10.6.2
-
cpe:2.3:o:apple:mac_os_x_server:10.6.0
-
cpe:2.3:o:apple:mac_os_x_server:10.6.1
-
cpe:2.3:o:apple:mac_os_x_server:10.6.2