CVE-2010-0041

Description

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.

Predictions

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

References

• http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
• http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
• http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
• http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
• http://secunia.com/advisories/39135
• http://support.apple.com/kb/HT4070
• http://support.apple.com/kb/HT4077
• http://support.apple.com/kb/HT4105
• http://support.apple.com/kb/HT4225
• http://www.securityfocus.com/bid/38671
• http://www.securityfocus.com/bid/38676
• http://www.securitytracker.com/id?1023706
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6885
• http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
• http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
• http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
• http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
• http://secunia.com/advisories/39135
• http://support.apple.com/kb/HT4070
• http://support.apple.com/kb/HT4077
• http://support.apple.com/kb/HT4105
• http://support.apple.com/kb/HT4225
• http://www.securityfocus.com/bid/38671
• http://www.securityfocus.com/bid/38676
• http://www.securitytracker.com/id?1023706

CWEs

CWE-200