Details of VAR-201003-0207

ID

VAR-201003-0207

CVE

CVE-2010-0527

TITLE

Apple QuickTime Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-001334

DESCRIPTION

Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.6.6 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player. BACKGROUND --------------------- "Apple QuickTime is software that allows Mac and Windows users to play back audio and video on their computers. But taking a deeper look, QuickTime is many things: a file format, an environment for media authoring and a suite of applications" from Apple.com II. DESCRIPTION --------------------- VUPEN Vulnerability Research Team discovered a vulnerability in Apple Quicktime. III. Exploits - PoCs & Binary Analysis ---------------------------------------- In-depth binary analysis of the vulnerability and an exploit code have been released by VUPEN through the VUPEN Binary Analysis & Exploits Service : http://www.vupen.com/exploits V. SOLUTION ---------------- Upgrade to Apple QuickTime version 7.6.6 : http://www.apple.com/quicktime/download/ VI. CREDIT -------------- The vulnerability was discovered by Nicolas Joly of VUPEN Security VII. ABOUT VUPEN Security --------------------------------- VUPEN is a leading IT security research company providing vulnerability management and security intelligence solutions which enable enterprises and institutions to eliminate vulnerabilities before they can be exploited, ensure security policy compliance and meaningfully measure and manage risks. Governmental and federal agencies, and global enterprises in the financial services, insurance, manufacturing and technology industries rely on VUPEN to improve their security, prioritize resources, cut time and costs, and stay ahead of the latest threats. * VUPEN Vulnerability Notification Service: http://www.vupen.com/english/services * VUPEN Binary Analysis & Exploits Service : http://www.vupen.com/exploits VIII. REFERENCES ---------------------- http://www.vupen.com/english/advisories/2010/0746 http://support.apple.com/kb/HT4104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0527 IX. DISCLOSURE TIMELINE ----------------------------------- 2009-05-28 - Vendor notified 2009-05-28 - Vendor response 2009-07-18 - Status update received 2009-10-30 - Status update received 2010-01-07 - Status update received 2010-03-11 - Status update received 2010-03-31 - Coordinated public Disclosure

Trust: 2.34

sources: NVD: CVE-2010-0527 // JVNDB: JVNDB-2010-001334 // BID: 39136 // BID: 39087 // VULHUB: VHN-43132 // PACKETSTORM: 87924

AFFECTED PRODUCTS

vendor:	apple	model:	quicktime	scope:	eq	version:	7.3.1	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.2.1	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.6	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.5.0	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.4.5	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.5	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.5.5	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.4.0	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.3.0	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.4.1	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.4	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.3	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	lte	version:	7.6.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.4	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.3	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	lt	version:	7.6.6	Trust: 0.8
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.6.5	Trust: 0.6
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.6.4	Trust: 0.6
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.6.2	Trust: 0.6
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.6.1	Trust: 0.6
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.6	Trust: 0.6
vendor:	apple	model:	quicktime player	scope:	ne	version:	7.6.6	Trust: 0.6

sources: BID: 39136 // BID: 39087 // JVNDB: JVNDB-2010-001334 // CNNVD: CNNVD-201003-508 // NVD: CVE-2010-0527

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-0527
value:	HIGH
Trust: 1.0
NVD:	CVE-2010-0527
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201003-508
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-43132
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2010-0527
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-43132
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-43132 // JVNDB: JVNDB-2010-001334 // CNNVD: CNNVD-201003-508 // NVD: CVE-2010-0527

PROBLEMTYPE DATA

problemtype:

CWE-189

Trust: 1.9

sources: VULHUB: VHN-43132 // JVNDB: JVNDB-2010-001334 // NVD: CVE-2010-0527

THREAT TYPE

network

Trust: 0.6

sources: BID: 39136 // BID: 39087

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201003-508

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001334

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-43132

PATCH

title:	HT4104	url:	http://support.apple.com/kb/HT4104	Trust: 0.8
title:	HT4104	url:	http://support.apple.com/kb/HT4104?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2010-001334

EXTERNAL IDS

db:	NVD	id:	CVE-2010-0527	Trust: 3.2
db:	JVNDB	id:	JVNDB-2010-001334	Trust: 0.8
db:	CNNVD	id:	CNNVD-201003-508	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2010-03-30-1	Trust: 0.6
db:	BID	id:	39136	Trust: 0.4
db:	BID	id:	39087	Trust: 0.3
db:	PACKETSTORM	id:	87924	Trust: 0.2
db:	VULHUB	id:	VHN-43132	Trust: 0.1
db:	VUPEN	id:	ADV-2010-0746	Trust: 0.1

sources: VULHUB: VHN-43132 // BID: 39136 // BID: 39087 // JVNDB: JVNDB-2010-001334 // PACKETSTORM: 87924 // CNNVD: CNNVD-201003-508 // NVD: CVE-2010-0527

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2010//mar/msg00002.html	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7458	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0527	Trust: 0.9
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0527	Trust: 0.8
url:	http://www.apple.com/quicktime/	Trust: 0.6
url:	http://www.apple.com/quicktime/download/	Trust: 0.1
url:	http://www.vupen.com/english/advisories/2010/0746	Trust: 0.1
url:	http://www.vupen.com/english/research.php	Trust: 0.1
url:	http://support.apple.com/kb/ht4104	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0527	Trust: 0.1
url:	http://www.vupen.com/exploits	Trust: 0.1
url:	http://www.vupen.com/english/services	Trust: 0.1

sources: VULHUB: VHN-43132 // BID: 39136 // BID: 39087 // JVNDB: JVNDB-2010-001334 // PACKETSTORM: 87924 // CNNVD: CNNVD-201003-508 // NVD: CVE-2010-0527

CREDITS

Nicolas Joly of VUPEN Vulnerability Research Team

Trust: 0.3

sources: BID: 39136

SOURCES

db:	VULHUB	id:	VHN-43132
db:	BID	id:	39136
db:	BID	id:	39087
db:	JVNDB	id:	JVNDB-2010-001334
db:	PACKETSTORM	id:	87924
db:	CNNVD	id:	CNNVD-201003-508
db:	NVD	id:	CVE-2010-0527

LAST UPDATE DATE

2025-04-11T22:08:51.976000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-43132	date:	2017-09-19T00:00:00
db:	BID	id:	39136	date:	2010-03-30T00:00:00
db:	BID	id:	39087	date:	2010-03-31T23:02:00
db:	JVNDB	id:	JVNDB-2010-001334	date:	2010-04-26T00:00:00
db:	CNNVD	id:	CNNVD-201003-508	date:	2010-04-01T00:00:00
db:	NVD	id:	CVE-2010-0527	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-43132	date:	2010-03-31T00:00:00
db:	BID	id:	39136	date:	2010-03-30T00:00:00
db:	BID	id:	39087	date:	2010-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2010-001334	date:	2010-04-26T00:00:00
db:	PACKETSTORM	id:	87924	date:	2010-04-01T20:01:17
db:	CNNVD	id:	CNNVD-201003-508	date:	2010-03-31T00:00:00
db:	NVD	id:	CVE-2010-0527	date:	2010-03-31T18:30:00.280