CVE-2010-0059 – Apple QuickTime QDM2/QDCA Atom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0059
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA. CoreAudio en Apple Mac OS X anterior v10.6.3 permite a atacantse remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria o caída de programa) a través de un contenido de audio manipulado con codificación QDM2. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the rendering of an audio stream utilizing QDesign's audio codec. The application will perform an allocation utilizing a field specified in the sample's description. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html http://support.apple.com/kb/HT4077 http://www.securityfocus.com/archive/1/510517/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-041 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6922 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-0057
https://notcve.org/view.php?id=CVE-2010-0057
AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request. AFP Server en Apple Mac OS X en versiones anteriores a la v10.6.3 no previene el uso de invitado de los elementos compartidos de AFP cuando el acceso de invitado está deshabilitado, lo que permite a atacantes remotos evitar las restricciones de aceso previstas a través de una petición de montaje. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-0056
https://notcve.org/view.php?id=CVE-2010-0056
Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document. Desbordamiento de búfer en Cocoa spell checking en AppKit en Apple Mac OS X v10.5.8 permite a atacantes asistidos remotamente por usuarios ejecutar código de su elección o causar una denegación de servicio (caída aplicación) a través de un documento manipulado. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-1119 – Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1119
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. Una vulnerabilidad de uso de memoria previamente liberada en WebKit en Safari de Apple anterior a versión 5.0 sobre Mac OS X versiones 10.5 hasta 10.6 y Windows, Safari anterior a versión 4.1 sobre Mac OS X versión 10.4, y Safari en iPhone OS de Apple, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación), o leer la base de datos SMS u otros datos, por medio de vectores relacionados con "attribute manipulation", como es demostrado por Vincenzo Iozzo y Ralf Philipp Weinmann durante una competición Pwn2Own en CanSecWest 2010. This vulnerability allows remote attackers to execute remote code on vulnerable installations of Apple Webkit. User interaction is required in that a target must be coerced into visiting a malicious page. The specific flaw exists within Webkit's process for destructing attribute objects via the removeChild method. If an attribute's child object is accessed after the attribute was removed from the document, an invalid pointer is referenced. • https://www.exploit-db.com/exploits/16974 http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://news.cnet.com/8301-27080_3-20001126-245.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://securityreason.com/securityalert • CWE-399: Resource Management Errors •
CVE-2010-0302 – cups Incomplete fix for CVE-2009-3553
https://notcve.org/view.php?id=CVE-2010-0302
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. Vulnerabilidad de uso despues de liberacion en el interfaz de gestion de descriptores de fichero en la funcion cupsdDoSelect en scheduler/select.c en the scheduler en cupsd en CUPS v1.3.7, v1.3.9, v1.3.10, y v1.4.1, cuando se utiliza kqueue o epoll, permite a atacantes remotos producir una denegacion de servicio (caida de demonio o cuelgue) a traves de la desconexion del cliente durante el listado de un gran numero de trabajos de imporesion, relacionados con el inadecuado mantenimiento del numero de referencias. NOTA: Algunos de los detalles fueron obtenidos de terceras partes. • http://cups.org/articles.php?L596 http://cups.org/str.php?L3490 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037174.html http://secunia.com/advisories/38785 http://secunia.com/advisories/38927 http://secunia.com/advisories/38979 http://secunia.com/advisories/40220 http://security.gentoo.org/glsa/glsa-201207-10.xml http://support.apple.com/kb/HT4188 http://www.mandriva.com • CWE-416: Use After Free •