CVSS: 7.5EPSS: 2%CPEs: 18EXPL: 0CVE-2011-0209 – Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0209
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file. Desbordamiento de entero en QuickTime para Apple Mac OS X antes de v10.6.8 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (por caída de aplicación) a través de un archivo WAV RIFF hecho a mano. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a specially formatted RIFF WAV file. When parsing a fmt chunk within the file, the application will use a 32-bit field to calculate the size of a buffer to allocate. • http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://support.apple.com/kb/HT4723 • CWE-189: Numeric Errors •
CVSS: 2.1EPSS: 0%CPEs: 18EXPL: 0CVE-2011-0197
https://notcve.org/view.php?id=CVE-2011-0197
App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions. El "App Store" de Apple Mac OS X antes de v10.6.8, crea una entrada de registro que contiene la contraseña del AppleID de un usuario, lo que podría permitir a usuarios locales obtener información sensible mediante la lectura de un archivo de registro, como lo demuestra un archivo de registro que no tenga los permisos predeterminados. • http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://support.apple.com/kb/HT4723 http://www.securityfocus.com/bid/48443 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 1%CPEs: 20EXPL: 0CVE-2011-0205
https://notcve.org/view.php?id=CVE-2011-0205
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image. Una vulnerabilidad de desbordamiento de búfer de memoria dinámica en ImageIO en Apple Mac OS X antes de v10.6.8 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de la aplicación) a través de una imagen JPEG2000 debidamente modificada. • http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://support.apple.com/kb/HT4723 http://www.securityfocus.com/bid/48439 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 18EXPL: 0CVE-2011-0202
https://notcve.org/view.php?id=CVE-2011-0202
Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document. Un desbordamiento de entero en CoreGraphics para Apple Mac OS X antes de v10.6.8 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de la aplicación) a través de fuentes tipo 1 embebidas en un documento PDF. • http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://support.apple.com/kb/HT4723 http://support.apple.com/kb/HT4808 • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 2%CPEs: 20EXPL: 0CVE-2011-0204
https://notcve.org/view.php?id=CVE-2011-0204
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image. Una vulnerabilidad de desbordamiento de búfer de memoria dinámica en ImageIO en Apple Mac OS X antes de v10.6.8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una imagen TIFF modificada a mano. • http://archives.neohapsis.com/archives/bugtraq/2011-07/0034.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://osvdb.org/73368 http://support.apple.com/kb/HT4723 http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •