CVE-2010-1797 – Apple iOS - '.pdf' Local Privilege Escalation 'Jailbreak'
https://notcve.org/view.php?id=CVE-2010-1797
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information. Múltiples desbordamientos de búfer en la región ?stack de la memoria en la función cff_decoder_parse_charstrings en el intérprete CFF Type2 CharStrings en el archivo cff/cffgload.c en FreeType anterior a versión 2.4.2, tal y como es usado en iOS de Apple anterior a versión 4.0.2 en el iPhone y iPod touch y anterior a versión 3.2.2 en el iPad, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) por medio de códigos CFF especialmente diseñados en fuentes insertadas en un documento PDF, como es demostrado por JailbreakMe. NOTA: algunos de estos detalles son obtenidos de información de terceros. • https://www.exploit-db.com/exploits/14538 https://www.exploit-db.com/exploits/14727 http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html http://lists.apple.com/archives/security-announce/2010//Aug/msg00001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-1407
https://notcve.org/view.php?id=CVE-2010-1407
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document. WebKit en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch no implementa de manera adecuada el método history.replaceState en ciertas situaciones relacionadas con elementos IFRAME, lo que permite a atacantes remotos obtener información sensible mediante un documento HTML manipulado. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4225 http://support.apple.com/kb/HT4456 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.securit • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-1775
https://notcve.org/view.php?id=CVE-2010-1775
Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot. Condición de carrera en Passcode Lock en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch permite a atacantes físicamente próximos eludir los requerimientos de contraseña establecidos y asociar un dispositivo bloqueado con una computadora y acceder a datos de su elección, a través de vectores relacionados con el arranque inicial. • http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://support.apple.com/kb/HT4225 http://www.securityfocus.com/bid/41016 https://exchange.xforce.ibmcloud.com/vulnerabilities/59637 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2010-1387
https://notcve.org/view.php?id=CVE-2010-1387
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769. Vulnerabilidad no específicada en WebKit en Apple iTunes anteriores a v9.2 en Windows, tiene un impacto y vectores de ataque desconocidos, es una vulnerabilidad diferente a CVE-2010-1387 y CVE-2010-1769. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40196 http://secunia.com/advisories/41856 http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://securitytracker.com/id?1024108 http:/ • CWE-399: Resource Management Errors •
CVE-2010-1029 – iPhone - 'WebCore::CSSSelector()' Remote Crash
https://notcve.org/view.php?id=CVE-2010-1029
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences. Vulnerabilidad de consumo en la pila en la función WebCore:: CSSSelector en WebKit, utilizado en Apple Safari v4.0.4, Apple Safari en iPhone OS y iPhone OS para iPod touch, y Google Chrome v4.0.249, permite a tacantes remotos provocar una denegación de servicio(caída de aplicación) o posiblemente ejecutar código de su elección a través de un elemento STYLE compuesto de un número largo de secuencias *> • https://www.exploit-db.com/exploits/11574 https://www.exploit-db.com/exploits/11567 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/43068 http://www.exploit-db.com/exploits/11567 http://www.exploit-db.com/exploits/11574 http://www.securityfocus.com/bid/38398 http://www.vupen.com/english/advisories/2011/0212 https://exchange.xforce.ibmcloud.com/vulnerabilities/56524 https://exchange.xforce.ibmcloud.com/vulnerabilities/56527 https • CWE-399: Resource Management Errors •