VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : 脆弱性脅威分析用情報の定型データ配信
[ about VRDA Feed | JPCERT/CC



 
分析対象脆弱性情報 (リビジョン番号 : 1) [ Download XML
CVE-2010-3802
quicktime: Integer signedness error in Apple QuickTime before ...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3802

原文

Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file.

翻訳   (表示)





この情報について
分析情報提供元:
NIST NVD
初版公開日:
2010-12-09
分析対象脆弱性情報の分類:
アドバイザリ・注意喚起
最終更新日:
2010-12-10




脆弱性の影響を受ける製品の識別子
cpe:/a:apple:quicktime:3.0
cpe:/a:apple:quicktime:4.1.2
cpe:/a:apple:quicktime:5.0
cpe:/a:apple:quicktime:5.0.1
cpe:/a:apple:quicktime:5.0.2
cpe:/a:apple:quicktime:6.0
cpe:/a:apple:quicktime:6.0.0
cpe:/a:apple:quicktime:6.0.1
cpe:/a:apple:quicktime:6.0.2
cpe:/a:apple:quicktime:6.1
cpe:/a:apple:quicktime:6.1.0
cpe:/a:apple:quicktime:6.1.1
cpe:/a:apple:quicktime:6.2.0
cpe:/a:apple:quicktime:6.3.0
cpe:/a:apple:quicktime:6.4.0
cpe:/a:apple:quicktime:6.5
cpe:/a:apple:quicktime:6.5.0
cpe:/a:apple:quicktime:6.5.1
cpe:/a:apple:quicktime:6.5.2
cpe:/a:apple:quicktime:7.0
cpe:/a:apple:quicktime:7.0.0
cpe:/a:apple:quicktime:7.0.1
cpe:/a:apple:quicktime:7.0.2
cpe:/a:apple:quicktime:7.0.3
cpe:/a:apple:quicktime:7.0.4
cpe:/a:apple:quicktime:7.1
cpe:/a:apple:quicktime:7.1.0
cpe:/a:apple:quicktime:7.1.1
cpe:/a:apple:quicktime:7.1.2
cpe:/a:apple:quicktime:7.1.3
cpe:/a:apple:quicktime:7.1.4
cpe:/a:apple:quicktime:7.1.5
cpe:/a:apple:quicktime:7.1.6
cpe:/a:apple:quicktime:7.2
cpe:/a:apple:quicktime:7.2.1
cpe:/a:apple:quicktime:7.3
cpe:/a:apple:quicktime:7.3.0
cpe:/a:apple:quicktime:7.3.1
cpe:/a:apple:quicktime:7.3.1.70
cpe:/a:apple:quicktime:7.4
cpe:/a:apple:quicktime:7.4.0
cpe:/a:apple:quicktime:7.4.1
cpe:/a:apple:quicktime:7.4.5
cpe:/a:apple:quicktime:7.5.0
cpe:/a:apple:quicktime:7.5.5
cpe:/a:apple:quicktime:7.6.0
cpe:/a:apple:quicktime:7.6.1
cpe:/a:apple:quicktime:7.6.2
cpe:/a:apple:quicktime:7.6.5
cpe:/a:apple:quicktime:7.6.6
cpe:/a:apple:quicktime:7.6.7
cpe:/a:apple:quicktime:7.6.8 and previous versions
 


脆弱性の分析内容
[攻撃元区分]  [?]
未評価 [?]

ローカル [?]
隣接 [?]
X ネットワーク [?]

[攻撃条件の複雑さ]  [?]
未評価 [?]

 [?]
X [?]
 [?]

[攻撃前の認証要否]  [?]
未評価 [?]

複数 [?]
単一 [?]
X 不要 [?]

[機密性への影響]  [?]
未評価 [?]

影響なし [?]
部分的 [?]
X 全面的 [?]

[完全性への影響]  [?]
未評価 [?]

影響なし [?]
部分的 [?]
X 全面的 [?]

[可用性への影響]  [?]
未評価 [?]

影響なし [?]
部分的 [?]
X 全面的 [?]

関連情報




参考情報
APPLE APPLE-SA-2010-12-07-1




CONFIRM http://support.apple.com/kb/HT4447




MISC http://zerodayinitiative.com/advisories/ZDI-10-260/




Vulnerability Type Numeric Errors (CWE-189)





Copyright © 2010 JPCERT/CC All Rights Reserved.