CVSS: 9.3EPSS: 6%CPEs: 72EXPL: 0CVE-2009-0945 – Apple Safari Malformed SVGList Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-0945
Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption. WebKit, utilizado en Safari anterior a v3.2.3 y v4 Public Beta, en Apple Mac OS X v10.4.11 y v10.5 y anteriores a v10.5.7 y Windows permite a atacantes remotos ejecutar código arbitrario a través de un objeto elaborado SVGList que provoca una corrupción de memoria. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the parsing of malformed SVGLists via the SVGPathList data structure, the following lists are affected: SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, SVGLengthList. When a negative index argument is suppled to the insertItemBefore() method, a memory corruption occurs resulting in the ability to execute arbitrary code. • http://code.google.com/p/chromium/issues/detail?id=9019 http://googlechromereleases.blogspot.com/2009/05/stable-update-bug-fix.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00000.html http://lists.apple.com/archives/security-announce/2009/May/msg00001.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html&# • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 4%CPEs: 21EXPL: 0CVE-2009-0946 – freetype: multiple integer overflows
https://notcve.org/view.php?id=CVE-2009-0946
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. Múltiples desbordamientos de entero en FreeType v2.3.9 y anteriores permiten a atacantes remotos ejecutar código de su elección mediante vectores relacionados con valores grandes en ciertas entradas en (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, y (3) cff/cffload.c. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 62%CPEs: 18EXPL: 0CVE-2009-0846 – krb5: ASN.1 decoder can free uninitialized pointer when decoding an invalid encoding (MITKRB5-SA-2009-002)
https://notcve.org/view.php?id=CVE-2009-0846
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. La función asn1_decode_generaltime en lib/krb5/asn.1/asn1_decode.c en el decodificador ASN.1 GeneralizedTime en MIT Kerberos 5 (también conocido como Krb5) anteriores a v1.6.4, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) o posiblemente ejecución de código de su elección a través de vectores que implican una codificación DER inválida, que provocará una liberación del puntero no inicializado. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.vmware.com/pipermail/security-announce/2009/000059.html http://marc.info/?l=bugtraq&m=124896429301168&w=2 http://marc.info/?l=bugtraq&m=130497213107107&w=2 http://rhn.redhat.com/errata/RHSA-2009-0409.html http://rhn.redhat.com/errata/RHSA-2009-0410.html http://secunia.com/advisories/34594 http://secunia.com/advisories/34598 http://secunia.com/advisories/34617 http://secunia.com/adv • CWE-416: Use After Free CWE-824: Access of Uninitialized Pointer •
CVSS: 7.2EPSS: 0%CPEs: 114EXPL: 3CVE-2009-1238 – Apple Mac OSX xnu 1228.x - 'vfssysctl' Local Kernel Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2009-1238
Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable. Condición de carrera en el interfaz HFS vfs sysctl en XNU v1228.8.20 y anteriores en Apple Mac OS X v10.5.6 y anteriores permite a usuarios locales producir una denegación de servicio (corrupción de la memoria del kernel) mediante la ejecucion simultanea de la ruta de código HFS_SET_PKG_EXTENSIONS en múltiples lineas de ejecución, lo cual es problemático debido a la ausencia de bloqueo de mutex para una variable inespecífica global. • https://www.exploit-db.com/exploits/8265 http://secunia.com/advisories/34424 http://www.digit-labs.org/files/exploits/xnu-vfssysctl-dos.c http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181 http://www.securityfocus.com/bid/34202 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 8%CPEs: 114EXPL: 3CVE-2009-1236 – Apple Mac OSX xnu 1228.3.13 - 'zip-notify' Remote Kernel Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-1236
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member. Desbordamiento de búfer basado en pila en AppleTalk networking stack en XNU v1228.3.13 y anteriores en Apple Mac OS X v10.5.6 permite a atacantes remotos producir una denegación de servicio (caída del sistema) a través de un paquete NOTIFY (también conocido como ZIPOP_NOTIFY) que sobrescribe miembro de estructura ifPort. • https://www.exploit-db.com/exploits/8262 http://secunia.com/advisories/34424 http://www.digit-labs.org/files/exploits/xnu-appletalk-zip.c http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181 http://www.securityfocus.com/bid/34201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •