CVE-2010-0042 Information
Description
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.
Reference
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html http://secunia.com/advisories/39135 http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4070 http://support.apple.com/kb/HT4077 http://support.apple.com/kb/HT4105 http://support.apple.com/kb/HT4225 http://support.apple.com/kb/HT4456 http://www.securityfocus.com/bid/38671 http://www.securityfocus.com/bid/38677 http://www.securitytracker.com/id?1023706 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7561
Share on: