Sign-up

ID

VAR-201312-0003


CVE

CVE-2010-1819


TITLE

Apple QuickTime of Picture Viewer Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2010-005656

DESCRIPTION

Untrusted search path vulnerability in the Picture Viewer in Apple QuickTime before 7.6.8 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) CoreVideo.dll, (2) CoreGraphics.dll, or (3) CoreAudioToolbox.dll that is located in the same folder as a .pic image file. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. (1) CoreVideo.dll (2) CoreGraphics.dll (3) CoreAudioToolbox.dll. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: QuickTime PictureViewer Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41123 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41123/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41123 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41123/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41123/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41123 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in QuickTime, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the PictureViewer application loading libraries (e.g. CoreGraphics.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a MacPaint image (.mac) located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 7.6.7 for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Mr Teatime ORIGINAL ADVISORY: Secunia blog: http://secunia.com/blog/120/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2010-1819 // JVNDB: JVNDB-2010-005656 // BID: 42774 // VULHUB: VHN-44424 // PACKETSTORM: 93326

AFFECTED PRODUCTS

vendor:applemodel:quicktimescope:eqversion:7.6.1

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.6.2

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.6.5

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.6.0

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.6.6

Trust: 1.6

vendor:applemodel:quicktimescope:lteversion:7.6.7

Trust: 1.0

vendor:applemodel:quicktimescope:ltversion:7.6.8 (windows)

Trust: 0.8

vendor:applemodel:quicktimescope:eqversion:7.6.7

Trust: 0.6

vendor:applemodel:quicktime playerscope:eqversion:7.6.7

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.6(1671)

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.6

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.5.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.4.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.4.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.3.1.70

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.3.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.6

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.3

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.64.17.73

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.3

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:quicktimescope:eqversion:7.3.4

Trust: 0.3

vendor:applemodel:quicktimescope:eqversion:7.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:neversion:7.6.8

Trust: 0.3

sources: BID: 42774 // JVNDB: JVNDB-2010-005656 // CNNVD: CNNVD-201312-540 // NVD: CVE-2010-1819

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1819
value: HIGH

Trust: 1.0

NVD: CVE-2010-1819
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201312-540
value: CRITICAL

Trust: 0.6

VULHUB: VHN-44424
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-1819
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-44424
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-44424 // JVNDB: JVNDB-2010-005656 // CNNVD: CNNVD-201312-540 // NVD: CVE-2010-1819

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2010-005656 // NVD: CVE-2010-1819

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-540

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201312-540

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-005656

PATCH
title:APPLE-SA-2010-09-15-1url:http://lists.apple.com/archives/security-announce/2010/Sep/msg00003.html
Trust: 0.8
title:HT4339url:http://support.apple.com/kb/HT4339
Trust: 0.8
title:HT4339url:http://support.apple.com/kb/HT4339?viewlocale=ja_JP
Trust: 0.8
title:QuickTimeInstallerurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47283
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2010-005656 // 
            
            
            
            CNNVD: CNNVD-201312-540

EXTERNAL IDS
db:NVDid:CVE-2010-1819
Trust: 2.8
db:JVNDBid:JVNDB-2010-005656
Trust: 0.8
db:CNNVDid:CNNVD-201312-540
Trust: 0.7
db:SECUNIAid:41123
Trust: 0.7
db:APPLEid:APPLE-SA-2010-09-15-1
Trust: 0.6
db:BIDid:42774
Trust: 0.4
db:VULHUBid:VHN-44424
Trust: 0.1
db:PACKETSTORMid:93326
Trust: 0.1
sources:
            
            
            VULHUB: VHN-44424 // 
            
            
            
            BID: 42774 // 
            
            
            
            JVNDB: JVNDB-2010-005656 // 
            
            
            
            PACKETSTORM: 93326 // 
            
            
            
            CNNVD: CNNVD-201312-540 // 
            
            
            
            NVD: CVE-2010-1819

REFERENCES
url:http://lists.apple.com/archives/security-announce/2010/sep/msg00003.html
Trust: 1.7
url:http://support.apple.com/kb/ht4339
Trust: 1.7
url:http://www.fortiguard.com/advisory/fga-2010-46/
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1819
Trust: 0.8
url:http://jvn.jp/cert/jvnvu997815/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1819
Trust: 0.8
url:http://secunia.com/advisories/41123
Trust: 0.6
url:http://www.apple.com/quicktime/
Trust: 0.3
url:http://blog.rapid7.com/?p=5325
Trust: 0.3
url:http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0320.html
Trust: 0.3
url:http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html
Trust: 0.3
url:http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx
Trust: 0.3
url:http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx
Trust: 0.3
url:http://www.microsoft.com/technet/security/advisory/2269637.mspx
Trust: 0.3
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=41123
Trust: 0.1
url:http://secunia.com/products/corporate/evm/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/41123/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/blog/120/
Trust: 0.1
url:http://secunia.com/_%22insecure%20library%20loading%22
Trust: 0.1
url:http://secunia.com/advisories/41123/#comments
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-44424 // 
            
            
            
            BID: 42774 // 
            
            
            
            JVNDB: JVNDB-2010-005656 // 
            
            
            
            PACKETSTORM: 93326 // 
            
            
            
            CNNVD: CNNVD-201312-540 // 
            
            
            
            NVD: CVE-2010-1819

CREDITS
Kalyan and Haifei Li of Fortinet's FortiGuard Labs
Trust: 0.3
sources:
            
            
            BID: 42774

SOURCES
db:VULHUBid:VHN-44424
db:BIDid:42774
db:JVNDBid:JVNDB-2010-005656
db:PACKETSTORMid:93326
db:CNNVDid:CNNVD-201312-540
db:NVDid:CVE-2010-1819

LAST UPDATE DATE
2025-04-11T23:09:48.862000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-44424date:2013-12-27T00:00:00
db:BIDid:42774date:2010-09-16T15:01:00
db:JVNDBid:JVNDB-2010-005656date:2014-01-06T00:00:00
db:CNNVDid:CNNVD-201312-540date:2013-12-30T00:00:00
db:NVDid:CVE-2010-1819date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-44424date:2013-12-27T00:00:00
db:BIDid:42774date:2010-08-26T00:00:00
db:JVNDBid:JVNDB-2010-005656date:2014-01-06T00:00:00
db:PACKETSTORMid:93326date:2010-08-31T10:27:19
db:CNNVDid:CNNVD-201312-540date:2013-12-30T00:00:00
db:NVDid:CVE-2010-1819date:2013-12-27T01:55:05.017