CVE-2010-0041 Information
Description
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.
Reference
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html http://secunia.com/advisories/39135 http://support.apple.com/kb/HT4070 http://support.apple.com/kb/HT4077 http://support.apple.com/kb/HT4105 http://support.apple.com/kb/HT4225 http://www.securityfocus.com/bid/38671 http://www.securityfocus.com/bid/38676 http://www.securitytracker.com/id?1023706 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6885
Share on: