cvelistv5 - cve-2010-0529

CVE-2010-0529 (GCVE-0-2010-0529)

Vulnerability from cvelistv5

Published

2010-03-31 18:00

Modified

2024-08-07 00:52

Severity ?

CWE

Summary

Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation.

References

►

URL

Tags

product-security@apple.com	http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html	Patch, Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/archive/1/510569/100/0/threaded
product-security@apple.com	http://www.zerodayinitiative.com/advisories/ZDI-10-067
product-security@apple.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/510569/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-10-067
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:52:19.714Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:6780",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780"
          },
          {
            "name": "20100406 ZDI-10-067: Apple QuickTime Pict BkPixPat Remote Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/510569/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-067"
          },
          {
            "name": "APPLE-SA-2010-03-30-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:6780",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780"
        },
        {
          "name": "20100406 ZDI-10-067: Apple QuickTime Pict BkPixPat Remote Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/510569/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-067"
        },
        {
          "name": "APPLE-SA-2010-03-30-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-0529",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:6780",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780"
            },
            {
              "name": "20100406 ZDI-10-067: Apple QuickTime Pict BkPixPat Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/510569/100/0/threaded"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-067",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-067"
            },
            {
              "name": "APPLE-SA-2010-03-30-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2010-0529",
    "datePublished": "2010-03-31T18:00:00",
    "dateReserved": "2010-02-03T00:00:00",
    "dateUpdated": "2024-08-07T00:52:19.714Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-0529\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2010-03-31T18:30:00.343\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation.\"},{\"lang\":\"es\",\"value\":\"El desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en el archivo QuickTime.qts en QuickTime de Apple anterior a versi\u00f3n 7.6.6 sobre Windows, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) por medio de una imagen PICT con un BkPixPat Opcode (0x12) que contiene valores dise\u00f1ados que se utilizan en un c\u00e1lculo para la asignaci\u00f3n de memoria\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:*:-:windows:*:*:*:*:*\",\"versionEndIncluding\":\"7.6.0\",\"matchCriteriaId\":\"B27C0810-E6C3-44D9-8EA1-BBCF0C681F71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.0:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"3F4075B0-0F9F-466B-8521-2156849247C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.1:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"DF2A6BCB-108E-4226-BC31-6E0057DFB6D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.2:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"F8BF6A6A-F734-4395-9305-2E9F52EE888F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.3:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"AFCB45F3-397E-42A8-8D08-ECF667939FF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.4:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"D5C04F70-E2E6-48F4-948D-9D0C7B2A2F3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.0:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"E1DB3FBD-40F4-41FB-A939-3E3A4D0D85B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.1:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"F45B47BB-E14F-4437-8828-EF059496BF95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.2:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"9B353211-F90E-4F38-9D0B-B8C7EC00E66F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.3:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"F6A44CA9-D257-4BB7-B5AB-23193F35FCB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.4:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"9B8F4241-551B-492D-8602-06146B05CF13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.5:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"2BA9C6F7-513B-426F-90AD-7E826433CEF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.6:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"5B709D68-8474-4AAE-AA11-777EF510E1AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.2.0:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"4DCEE583-6CD2-4098-9A2A-B006A5023318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.2.1:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"52AD56F9-0CE6-4949-9853-3274A2C81601\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.3.0:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"555B1A2A-95F5-4B06-8774-FF952BEC2FBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.3.1:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"CEA210F5-71F6-4528-B2B4-507AA4A435EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.4.0:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"081712FF-C6B8-423B-8F20-C79D25DE782F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.4.1:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"CF045B49-11A3-447A-9D05-1E8794980A81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.4.5:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"939BE521-A385-4A1A-B4B0-C4687751D4A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.5.0:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"304CFC80-E925-4CB8-8251-0FD0F09B8410\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.5.5:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"DFD95CD9-E387-4EC8-B6EA-FBC6961E4C8F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D56B932B-9593-44E2-B610-E4EB2143EB21\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3852BB02-47A1-40B3-8E32-8D8891A53114\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/510569/100/0/threaded\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-10-067\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/510569/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-10-067\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorImpact\":\"Per: http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html\\r\\n\\r\\n\u0027This issue does not affect Mac OS X systems.\u0027\"}}"
  }
}

ghsa-58rc-hpq4-f2gh

Vulnerability from github

Published

2022-05-02 06:13

Modified

2022-05-02 06:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-0529"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-03-31T18:30:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation.",
  "id": "GHSA-58rc-hpq4-f2gh",
  "modified": "2022-05-02T06:13:29Z",
  "published": "2022-05-02T06:13:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0529"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/510569/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-067"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2010-0529

Vulnerability from fkie_nvd

Published

2010-03-31 18:30

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html	Patch, Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/archive/1/510569/100/0/threaded
product-security@apple.com	http://www.zerodayinitiative.com/advisories/ZDI-10-067
product-security@apple.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/510569/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-10-067
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780

Impacted products

Vendor	Product	Version
apple	quicktime	*
apple	quicktime	7.0.0
apple	quicktime	7.0.1
apple	quicktime	7.0.2
apple	quicktime	7.0.3
apple	quicktime	7.0.4
apple	quicktime	7.1.0
apple	quicktime	7.1.1
apple	quicktime	7.1.2
apple	quicktime	7.1.3
apple	quicktime	7.1.4
apple	quicktime	7.1.5
apple	quicktime	7.1.6
apple	quicktime	7.2.0
apple	quicktime	7.2.1
apple	quicktime	7.3.0
apple	quicktime	7.3.1
apple	quicktime	7.4.0
apple	quicktime	7.4.1
apple	quicktime	7.4.5
apple	quicktime	7.5.0
apple	quicktime	7.5.5
microsoft	windows_7	*
microsoft	windows_vista	*
microsoft	windows_xp	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:quicktime:*:-:windows:*:*:*:*:*",
              "matchCriteriaId": "B27C0810-E6C3-44D9-8EA1-BBCF0C681F71",
              "versionEndIncluding": "7.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.0:-:windows:*:*:*:*:*",
              "matchCriteriaId": "3F4075B0-0F9F-466B-8521-2156849247C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.1:-:windows:*:*:*:*:*",
              "matchCriteriaId": "DF2A6BCB-108E-4226-BC31-6E0057DFB6D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.2:-:windows:*:*:*:*:*",
              "matchCriteriaId": "F8BF6A6A-F734-4395-9305-2E9F52EE888F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.3:-:windows:*:*:*:*:*",
              "matchCriteriaId": "AFCB45F3-397E-42A8-8D08-ECF667939FF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.4:-:windows:*:*:*:*:*",
              "matchCriteriaId": "D5C04F70-E2E6-48F4-948D-9D0C7B2A2F3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.0:-:windows:*:*:*:*:*",
              "matchCriteriaId": "E1DB3FBD-40F4-41FB-A939-3E3A4D0D85B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.1:-:windows:*:*:*:*:*",
              "matchCriteriaId": "F45B47BB-E14F-4437-8828-EF059496BF95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.2:-:windows:*:*:*:*:*",
              "matchCriteriaId": "9B353211-F90E-4F38-9D0B-B8C7EC00E66F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.3:-:windows:*:*:*:*:*",
              "matchCriteriaId": "F6A44CA9-D257-4BB7-B5AB-23193F35FCB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.4:-:windows:*:*:*:*:*",
              "matchCriteriaId": "9B8F4241-551B-492D-8602-06146B05CF13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.5:-:windows:*:*:*:*:*",
              "matchCriteriaId": "2BA9C6F7-513B-426F-90AD-7E826433CEF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.6:-:windows:*:*:*:*:*",
              "matchCriteriaId": "5B709D68-8474-4AAE-AA11-777EF510E1AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.2.0:-:windows:*:*:*:*:*",
              "matchCriteriaId": "4DCEE583-6CD2-4098-9A2A-B006A5023318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.2.1:-:windows:*:*:*:*:*",
              "matchCriteriaId": "52AD56F9-0CE6-4949-9853-3274A2C81601",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.3.0:-:windows:*:*:*:*:*",
              "matchCriteriaId": "555B1A2A-95F5-4B06-8774-FF952BEC2FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.3.1:-:windows:*:*:*:*:*",
              "matchCriteriaId": "CEA210F5-71F6-4528-B2B4-507AA4A435EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.4.0:-:windows:*:*:*:*:*",
              "matchCriteriaId": "081712FF-C6B8-423B-8F20-C79D25DE782F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.4.1:-:windows:*:*:*:*:*",
              "matchCriteriaId": "CF045B49-11A3-447A-9D05-1E8794980A81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.4.5:-:windows:*:*:*:*:*",
              "matchCriteriaId": "939BE521-A385-4A1A-B4B0-C4687751D4A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.5.0:-:windows:*:*:*:*:*",
              "matchCriteriaId": "304CFC80-E925-4CB8-8251-0FD0F09B8410",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.5.5:-:windows:*:*:*:*:*",
              "matchCriteriaId": "DFD95CD9-E387-4EC8-B6EA-FBC6961E4C8F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation."
    },
    {
      "lang": "es",
      "value": "El desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en el archivo QuickTime.qts en QuickTime de Apple anterior a versi\u00f3n 7.6.6 sobre Windows, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) por medio de una imagen PICT con un BkPixPat Opcode (0x12) que contiene valores dise\u00f1ados que se utilizan en un c\u00e1lculo para la asignaci\u00f3n de memoria"
    }
  ],
  "evaluatorImpact": "Per: http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html\r\n\r\n\u0027This issue does not affect Mac OS X systems.\u0027",
  "id": "CVE-2010-0529",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-03-31T18:30:00.343",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securityfocus.com/archive/1/510569/100/0/threaded"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-067"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/510569/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2010-0529

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-0529

Aliases

CVE-2010-0529

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-0529",
    "description": "Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation.",
    "id": "GSD-2010-0529"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-0529"
      ],
      "details": "Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation.",
      "id": "GSD-2010-0529",
      "modified": "2023-12-13T01:21:29.438301Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2010-0529",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:6780",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780"
          },
          {
            "name": "20100406 ZDI-10-067: Apple QuickTime Pict BkPixPat Remote Code Execution Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/510569/100/0/threaded"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-067",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-067"
          },
          {
            "name": "APPLE-SA-2010-03-30-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:*:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.6.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.0:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.0:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2.1:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.0:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.0:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.5:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.1:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.5:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.6:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2.0:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.5.0:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.5.5:-:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-0529"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2010-03-30-1",
              "refsource": "APPLE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-067",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-067"
            },
            {
              "name": "oval:org.mitre.oval:def:6780",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780"
            },
            {
              "name": "20100406 ZDI-10-067: Apple QuickTime Pict BkPixPat Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/510569/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-10T19:53Z",
      "publishedDate": "2010-03-31T18:30Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-0529 (GCVE-0-2010-0529)

Vulnerability from cvelistv5

ghsa-58rc-hpq4-f2gh

Vulnerability from github

fkie_cve-2010-0529

Vulnerability from fkie_nvd

gsd-2010-0529

Vulnerability from gsd

Tags

Sightings

Nomenclature