CVSS: 9.7EPSS: 22%CPEs: 44EXPL: 0CVE-2011-1417 – Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1417
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011. Un desbordamiento de enteros en QuickLook, tal y como es usado en Mac OS X anterior a versión 10.6.7 y MobileSafari en iOS anterior a versión 4.2.7 y versiones 4.3.x anteriores a 4.3.2, de Apple, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) por medio de un documento de Microsoft Office con un campo de tamaño diseñado en OfficeArtMetafileHeader, relacionado a OfficeArtBlip, como es demostrado en el iPhone por Charlie Miller y Dion Blazakis durante una competencia de Pwn2Own en CanSecWest 2011. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on the iPhone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for parsing Office files. When handling the OfficeArtMetafileHeader the process trusts the cbSize field and performs arithmetic on it before making an allocation. • http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00005.html http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://secunia.com/advisories/44154 http://support.apple.com/kb/HT4581 http://support.apple.com/kb/HT4607 http://support& • CWE-189: Numeric Errors •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 3CVE-2010-4754
https://notcve.org/view.php?id=CVE-2010-4754
The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. La implementación glob en libc en FreeBSD versiones 7.3 y 8.1, NetBSD versión 5.0.2 y OpenBSD versión 4.7, y Libsystem en Mac OS X de Apple anterior a versión 10.6.8, permite los usuarios remotos identificados causar una denegación de servicio (consumo de CPU y memoria) por medio de expresiones glob especialmente diseñadas que no coinciden con ningún nombre de ruta (path), como es demostrado por las expresiones glob en comandos STAT a un demonio FTP, una vulnerabilidad diferente de CVE-2010-2632. • http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/lib/libc/gen/glob.3#rev1.30.12.1 http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/lib/libc/gen/glob.c#rev1.18.10.1 http://cxib.net/stuff/glob-0day.c http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://securityreason.com/achievement_securityalert/89 http://securityreason.com/exploitalert/9223 http://securityreason • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0CVE-2010-4013
https://notcve.org/view.php?id=CVE-2010-4013
Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts. Vulnerabilidad de formato de cadena en PackageKit en Apple Mac OS X v10.6.x antes de v10.6.6 permite a atacantes "man-in-the-middle" ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de vectores relacionados con la interacción entre Software Update y secuencias de comandos de distribución. • http://lists.apple.com/archives/security-announce/2011//Jan/msg00000.html http://osvdb.org/70309 http://secunia.com/advisories/42841 http://support.apple.com/kb/HT4498 http://www.securitytracker.com/id?1024938 http://www.vupen.com/english/advisories/2011/0050 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 1CVE-2010-4494 – libxml2: double-free in XPath processing code
https://notcve.org/view.php?id=CVE-2010-4494
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. Vulnerabilidad de liberación doble en libxml2 2.7.8 y otras versiones, tal como se utiliza en Google Chrome en versiones anteriores a 8.0.552.215 y otros productos, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados con el manejo de XPath. • http://code.google.com/p/chromium/issues/detail?id=63444 http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2011-Ma • CWE-415: Double Free •
CVSS: 9.3EPSS: 11%CPEs: 126EXPL: 0CVE-2010-3818
https://notcve.org/view.php?id=CVE-2010-3818
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes. Vulnerabilidad de uso después de liberación en WebKit en Apple Safari anterior a v5.0.3 sobre Mac OS X v10.5 hasta v10.6 y Windows, y before v4.1.3 sobre Mac OS X v10.4, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de vectores que involucran cajas de texto en línea. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4455 http://support.apple.com/kb/HT4456 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2011/0212 https:// • CWE-399: Resource Management Errors •