CVE-2009-0154
Apple OS X ATSServer Compact Font Format Parsing Memory Corruption Vulnerability
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.
Desbordamiento de búfer basado en pila en Apple Type Services (ATS) en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario a través de una fuente Compact Font Format (CFF) elaborada.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw appears to exist in the ATSServer font server upon parsing of malicious Compact Font Format files. A boundary condition exists in the parsing of internal dictionaries that can lead to a memory corruption allowing the execution of arbitrary code.
*Credits:
Charlie Miller, Independent Security Evaluators
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-01-16 CVE Reserved
- 2009-05-13 CVE Published
- 2024-08-06 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/35074 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/503597/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/34926 | Vdb Entry | |
| http://www.securitytracker.com/id?1022218 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA09-133A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2009/1297 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-09-023 | X_refsource_misc |
|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/50478 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2009/May/msg00002.html | 2018-10-11 | |
| http://support.apple.com/kb/HT3549 | 2018-10-11 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.4.11 Search vendor "Apple" for product "Mac Os X" and version "10.4.11" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5.0 Search vendor "Apple" for product "Mac Os X" and version "10.5.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5.1 Search vendor "Apple" for product "Mac Os X" and version "10.5.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5.2 Search vendor "Apple" for product "Mac Os X" and version "10.5.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5.3 Search vendor "Apple" for product "Mac Os X" and version "10.5.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5.4 Search vendor "Apple" for product "Mac Os X" and version "10.5.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5.5 Search vendor "Apple" for product "Mac Os X" and version "10.5.5" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5.6 Search vendor "Apple" for product "Mac Os X" and version "10.5.6" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.4.11 Search vendor "Apple" for product "Mac Os X Server" and version "10.4.11" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5.0 Search vendor "Apple" for product "Mac Os X Server" and version "10.5.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5.1 Search vendor "Apple" for product "Mac Os X Server" and version "10.5.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5.2 Search vendor "Apple" for product "Mac Os X Server" and version "10.5.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5.3 Search vendor "Apple" for product "Mac Os X Server" and version "10.5.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5.4 Search vendor "Apple" for product "Mac Os X Server" and version "10.5.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5.5 Search vendor "Apple" for product "Mac Os X Server" and version "10.5.5" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5.6 Search vendor "Apple" for product "Mac Os X Server" and version "10.5.6" | - |
Affected
| ||||||