CVE-2010-3786 : QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of

QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file.

Published 2010-11-16 22:00:16

Updated 2011-10-21 02:48:45

Source Apple Inc.

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2010-3786

Probability of exploitation activity in the next 30 days: 2.15%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-3786

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2010-3786

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-3786

http://www.securitytracker.com/id?1024723

Mac OS X Lets Remote Users Execute Arbitrary Code, Deny Service, and Obtain Information - SecurityTracker

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Apple - Lists.apple.com

CVEs referencing this url
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=881
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

Apple - Lists.apple.com
Vendor Advisory

CVEs referencing this url
http://support.apple.com/kb/HT4456

About the security content of iOS 4.2 - Apple Support

CVEs referencing this url
http://support.apple.com/kb/HT4435

We're sorry.
Patch;Vendor Advisory

CVEs referencing this url
http://www.vupen.com/english/advisories/2010/3046

Webmail | OVH- OVH

CVEs referencing this url
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00006.html

Apple - Lists.apple.com

CVEs referencing this url
http://support.apple.com/kb/HT5004

About the security content of Numbers for iOS v1.5 - Apple Support

CVEs referencing this url

Products affected by CVE-2010-3786

Apple » Mac Os X » Version: 10.6.1
cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.6.0
cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.6.2
cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.6.4
cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.6.3
cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.6.1
cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.6.0
cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.6.2
cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.6.3
cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.6.4
cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2010-3786

Exploit prediction scoring system (EPSS) score for CVE-2010-3786

CVSS scores for CVE-2010-3786

CWE ids for CVE-2010-3786

References for CVE-2010-3786

Products affected by CVE-2010-3786