CVE-2010-0036

2010-01-2016:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-0036

buffer overflow

coreaudio

apple

mac os x

remote attackers

arbitrary code execution

denial of service

mp4 audio file

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.029 Low

EPSS

Percentile

90.8%

JSON

Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file.

Affected configurations

NVD

Node

applemac_os_xMatch10.5.8

applemac_os_xMatch10.6.2

applemac_os_x_serverMatch10.5.8

applemac_os_x_serverMatch10.6.2

CPENameOperatorVersion
apple:mac_os_xapple mac os xeq10.5.8
apple:mac_os_xapple mac os xeq10.6.2
apple:mac_os_x_serverapple mac os x servereq10.5.8
apple:mac_os_x_serverapple mac os x servereq10.6.2

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	eq	10.5.8
apple:mac_os_x	apple mac os x	eq	10.6.2
apple:mac_os_x_server	apple mac os x server	eq	10.5.8
apple:mac_os_x_server	apple mac os x server	eq	10.6.2