CVSS: 6.8EPSS: 5%CPEs: 16EXPL: 0CVE-2009-0942
https://notcve.org/view.php?id=CVE-2009-0942
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. Help Viewer de Apple Mac OS X v10.4.11 y v10.5 anterior a v10.5.7 no comprueba que ciertas Hojas de Estilo en Cascada (CSS) se encuentran en un libro de ayuda registrado, lo cual permite a atacantes remotos ejecutar código arbitrario a través de una URL help: lo cual desencadena invocación de archivos AppleScript. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/34926 http://www.securitytracker.com/id?1022216 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 https://exchange.xforce.ibmcloud.com/vulnerabilities/50485 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 3%CPEs: 16EXPL: 0CVE-2009-0158
https://notcve.org/view.php?id=CVE-2009-0158
Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server. Desbordamiento de búfer basado en pila en telnet en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de un nombre de host largo para un servidor telnet. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://marc.info/?l=bugtraq&m=136482797910018&w=2 http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/34926 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 12%CPEs: 15EXPL: 0CVE-2009-0145
https://notcve.org/view.php?id=CVE-2009-0145
CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption. CoreGraphics en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de un archivo PDF manipulado que provoca la corrupción de memoria. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://secunia.com/advisories/35074 http://secunia.com/advisories/35379 http://support.apple.com/kb/HT3549 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/34926 http://www.securitytracker.com/id?1022209 htt • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 5%CPEs: 16EXPL: 0CVE-2009-0160
https://notcve.org/view.php?id=CVE-2009-0160
QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption. QuickDraw Manager en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de una imagen PICT elaborado lo que provoca la corrupción de memoria. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/34926 http://www.securityfocus.com/bid/34937 http://www.securitytracker.com/id?1022209 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 89%CPEs: 17EXPL: 0CVE-2009-0010 – Apple Quicktime PICT Opcode 0x71 Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-0010
Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow. Desbordamiento inferior de entero en QuickDraw Manager en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicacion) a través de una imagen PICT elaborada que desencadena un desbordamiento de búfer basado en pila. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of PICT files in QuickTime.qts. While processing data for opcode 0x71 QuickTime trusts a value contained in the file and makes an allocation accordingly. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://secunia.com/advisories/35091 http://support.apple.com/kb/HT3549 http://support.apple.com/kb/HT3591 http://www.securityfocus.com/archive/1/503878/100/0/threaded http://www.securityfocus.com/bid/34926 http://www.securityfocus.com/bid/34938 http://www.securitytracker.com/id?1022209 http:/ • CWE-189: Numeric Errors •