Vulnerabilities > CVE-2011-0209 - Numeric Errors vulnerability in Apple mac OS X, mac OS X Server and Quicktime

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_QUICKTIME77.NASL
    descriptionThe version of QuickTime installed on the remote Mac OS X host is older than 7.7. As such, it reportedly may be affected by the following vulnerabilities : - A buffer overflow in QuickTime
    last seen2020-06-01
    modified2020-06-02
    plugin id55763
    published2011-08-04
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55763
    titleQuickTime < 7.7 Multiple Vulnerabilities (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (NASL_LEVEL < 3000) exit(0);
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(55763);
      script_version("1.19");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      script_cve_id(
        "CVE-2011-0186",
        "CVE-2011-0187",
        "CVE-2011-0209",
        "CVE-2011-0210",
        "CVE-2011-0211",
        "CVE-2011-0213",
        "CVE-2011-0245",
        "CVE-2011-0249",
        "CVE-2011-0250",
        "CVE-2011-0251",
        "CVE-2011-0252",
        "CVE-2011-0256",
        "CVE-2011-0257"
      );
      script_bugtraq_id(
        46992,
        46995,
        48419,
        48420,
        48430,
        48442,
        49028,
        49034,
        49035,
        49036,
        49038,
        49144,
        49170
      );
    
      script_name(english:"QuickTime < 7.7 Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks version of QuickTime on Mac OS X");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Mac OS X host contains an application that may be affected by
    multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The version of QuickTime installed on the remote Mac OS X host is
    older than 7.7.  As such, it reportedly may be affected by the
    following vulnerabilities :
    
      - A buffer overflow in QuickTime's handling of pict files
        may lead to an application crash or arbitrary code
        execution. (CVE-2011-0245)
    
      - A buffer overflow in QuickTime's handling of JPEG2000
        files may lead to an application crash or arbitrary
        code execution. (CVE-2011-0186)
    
      - A cross-origin issue in QuickTime plug-in's handling of
        cross-site redirects may lead to disclosure of video
        data from another site. (CVE-2011-0187)
    
      - An integer overflow in QuickTime's handling of RIFF WAV
        files may lead to an application crash or arbitrary
        code execution. (CVE-2011-0209)
    
      - A memory corruption issue in QuickTime's handling of
        sample tables in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0210)
    
      - An integer overflow in QuickTime's handling of audio
        channels in movie files may lead to an application
        crash or arbitrary code execution. (CVE-2011-0211)
    
      - A buffer overflow in QuickTime's handling of JPEG files
        may lead to an application crash or arbitrary code
        execution. (CVE-2011-0213)
    
      - A heap-based buffer overflow in QuickTime's handling of
        STSC atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0249)
    
      - A heap-based buffer overflow in QuickTime's handling of
        STSS atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0250)
    
      - A heap-based buffer overflow in QuickTime's handling of
        STSZ atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0251)
    
      - A heap-based buffer overflow in QuickTime's handling of
        STTS atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0252)
    
      - A stack-based buffer overflow in QuickTime's handling of
        PICT files may lead to an application crash or arbitrary
        code execution. (CVE-2011-0257)
    
      - An integer overflow in QuickTime's handling of track run
        atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0256)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.zerodayinitiative.com/advisories/ZDI-11-254/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.zerodayinitiative.com/advisories/ZDI-11-257/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.zerodayinitiative.com/advisories/ZDI-11-258/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.zerodayinitiative.com/advisories/ZDI-11-259/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.apple.com/kb/HT4826"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.apple.com/archives/security-announce/2011/Aug/msg00000.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Upgrade to QuickTime 7.7 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Apple QuickTime PICT PnSize Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("macosx_Quicktime652.nasl", "ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/QuickTime/Version");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    
    
    # Mac OS X 10.5 only.
    os = get_kb_item("Host/MacOSX/Version");
    if (!os) exit(0, "The host does not appear to be running Mac OS X.");
    if (!ereg(pattern:"Mac OS X 10\.5([^0-9]|$)", string:os)) 
      exit(0, "The host is running "+os+" and therefore is not affected.");
    
    
    version = get_kb_item_or_exit("MacOSX/QuickTime/Version");
    fixed_version = "7.7";
    
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      if (report_verbosity > 0)
      {
        report = 
          '\n  Installed version : ' + version + 
          '\n  Fixed version     : ' + fixed_version + '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
    }
    else exit(0, "The remote host is not affected since QuickTime "+version+" is installed.");
    
  • NASL familyWindows
    NASL idQUICKTIME_77.NASL
    descriptionThe version of QuickTime installed on the remote Windows host is older than 7.7. As such, it reportedly may be affected by the following vulnerabilities : - A buffer overflow in QuickTime
    last seen2020-06-01
    modified2020-06-02
    plugin id55764
    published2011-08-04
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55764
    titleQuickTime < 7.7 Multiple Vulnerabilities (Windows)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(55764);
      script_version("1.24");
      script_cvs_date("Date: 2018/11/15 20:50:28");
    
      script_cve_id(
        "CVE-2011-0186",
        "CVE-2011-0187",
        "CVE-2011-0209",
        "CVE-2011-0210",
        "CVE-2011-0211",
        "CVE-2011-0213",
        "CVE-2011-0245",
        "CVE-2011-0246",
        "CVE-2011-0247",
        "CVE-2011-0248",
        "CVE-2011-0249",
        "CVE-2011-0250",
        "CVE-2011-0251",
        "CVE-2011-0252",
        "CVE-2011-0256",
        "CVE-2011-0257",
        "CVE-2011-0258"
      );
      script_bugtraq_id(
        46992,
        46995,
        48419,
        48420,
        48430,
        48442,
        49028,
        49029,
        49030,
        49031,
        49034,
        49035,
        49036,
        49038,
        49144,
        49170,
        49396
      );
    
      script_name(english:"QuickTime < 7.7 Multiple Vulnerabilities (Windows)");
      script_summary(english:"Checks version of QuickTime on Windows");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Windows host contains an application that may be
    affected by multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The version of QuickTime installed on the remote Windows host is
    older than 7.7.  As such, it reportedly may be affected by the
    following vulnerabilities :
    
      - A buffer overflow in QuickTime's handling of pict files
        may lead to an application crash or arbitrary code
        execution. (CVE-2011-0245)
    
      - A buffer overflow in QuickTime's handling of JPEG2000
        files may lead to an application crash or arbitrary
        code execution. (CVE-2011-0186)
    
      - A cross-origin issue in QuickTime plug-in's handling of
        cross-site redirects may lead to disclosure of video
        data from another site. (CVE-2011-0187)
    
      - An integer overflow in QuickTime's handling of RIFF WAV
        files may lead to an application crash or arbitrary
        code execution. (CVE-2011-0209)
    
      - A memory corruption issue in QuickTime's handling of
        sample tables in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0210)
    
      - An integer overflow in QuickTime's handling of audio
        channels in movie files may lead to an application
        crash or arbitrary code execution. (CVE-2011-0211)
    
      - A buffer overflow in QuickTime's handling of JPEG files
        may lead to an application crash or arbitrary code
        execution. (CVE-2011-0213)
    
      - A heap-based buffer overflow in QuickTime's handling of
        GIF files may lead to an application crash or arbitrary
        code execution. (CVE-2011-0246)
    
      - Multiple stack-based buffer overflows in QuickTime's
        handling of H.264 encoded movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0247)
    
      - A stack-based buffer overflow in the QuickTime ActiveX's
        handling of QTL files may lead to an application crash
        or arbitrary code execution. (CVE-2011-0248)
    
      - A heap-based buffer overflow in QuickTime's handling of
        STSC atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0249)
    
      - A heap-based buffer overflow in QuickTime's handling of
        STSS atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0250)
    
      - A heap-based buffer overflow in QuickTime's handling of
        STSZ atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0251)
    
      - A heap-based buffer overflow in QuickTime's handling of
        STTS atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0252)
    
      - A stack-based buffer overflow in QuickTime's handling of
        PICT files may lead to an application crash or arbitrary
        code execution. (CVE-2011-0257)
    
      - An integer overflow in QuickTime's handling of track run
        atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0256)
    
      - Memory corruption in Quicktime's handling of mp4v codec
        information. (CVE-2011-0258)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.zerodayinitiative.com/advisories/ZDI-11-254/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.zerodayinitiative.com/advisories/ZDI-11-255/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.zerodayinitiative.com/advisories/ZDI-11-256/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.zerodayinitiative.com/advisories/ZDI-11-257/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.zerodayinitiative.com/advisories/ZDI-11-258/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.zerodayinitiative.com/advisories/ZDI-11-259/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.zerodayinitiative.com/advisories/ZDI-11-277/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.apple.com/kb/HT4826"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.apple.com/archives/security-announce/2011/Aug/msg00000.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Upgrade to QuickTime 7.7 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Apple QuickTime PICT PnSize Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("quicktime_installed.nasl");
      script_require_keys("SMB/QuickTime/Version");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    kb_base = "SMB/QuickTime/";
    
    version = get_kb_item_or_exit(kb_base+"Version");
    version_ui = get_kb_item(kb_base+"Version_UI");
    
    if (isnull(version_ui)) version_report = version;
    else version_report = version_ui;
    
    fixed_version = "7.70.80.34";
    fixed_version_ui = "7.7 (1680.34)";
    
    if (ver_compare(ver:version, fix:fixed_version) == -1)
    {
      if (report_verbosity > 0)
      {
        path = get_kb_item(kb_base+"Path");
        if (isnull(path)) path = 'n/a';
    
        report =
          '\n  Path              : '+path+
          '\n  Installed version : '+version_report+
          '\n  Fixed version     : '+fixed_version_ui+'\n';
        security_hole(port:get_kb_item("SMB/transport"), extra:report);
      }
      else security_hole(get_kb_item("SMB/transport"));
    }
    else exit(0, "The host is not affected since QuickTime "+version_report+" is installed.");
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_6_8.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.8. This update contains security-related fixes for the following components : - App Store - ATS - Certificate Trust Policy - CoreFoundation - CoreGraphics - FTP Server - ImageIO - International Components for Unicode - Kernel - Libsystem - libxslt - MobileMe - MySQL - OpenSSL - patch - QuickLook - QuickTime - Samba - servermgrd - subversion
    last seen2020-06-01
    modified2020-06-02
    plugin id55416
    published2011-06-24
    reporterThis script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55416
    titleMac OS X 10.6.x < 10.6.8 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55416);
      script_version("1.20");
      script_cvs_date("Date: 2018/08/22 16:49:14");
    
      script_cve_id(
        "CVE-2009-3245",
        "CVE-2010-0740",
        "CVE-2010-2632",
        "CVE-2010-3677",
        "CVE-2010-3682",
        "CVE-2010-3790",
        "CVE-2010-3833",
        "CVE-2010-3834",
        "CVE-2010-3835",
        "CVE-2010-3836",
        "CVE-2010-3837",
        "CVE-2010-3838",
        "CVE-2010-3864",
        "CVE-2010-4180",
        "CVE-2010-4651",
        "CVE-2011-0014",
        "CVE-2011-0195",
        "CVE-2011-0197",
        "CVE-2011-0198",
        "CVE-2011-0199",
        "CVE-2011-0201",
        "CVE-2011-0202",
        "CVE-2011-0203",
        "CVE-2011-0204",
        "CVE-2011-0205",
        "CVE-2011-0206",
        "CVE-2011-0207",
        "CVE-2011-0208",
        "CVE-2011-0209",
        "CVE-2011-0210",
        "CVE-2011-0211",
        "CVE-2011-0212",
        "CVE-2011-0213",
        "CVE-2011-0715",
        "CVE-2011-0719",
        "CVE-2011-1132"
      );
      script_bugtraq_id(
        38562,
        39013,
        42599,
        42646,
        43676,
        43819,
        44794,
        44884,
        45164,
        46264,
        46597,
        46734,
        46768,
        47668,
        48418,
        48419,
        48420,
        48422,
        48426,
        48427,
        48429,
        48430,
        48436,
        48437,
        48439,
        48440,
        48442,
        48443,
        48444,
        48445,
        48447
      );
    
      script_name(english:"Mac OS X 10.6.x < 10.6.8 Multiple Vulnerabilities");
      script_summary(english:"Check the version of Mac OS X");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host is missing a Mac OS X update that fixes several
    security issues."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote host is running a version of Mac OS X 10.6.x that is prior
    to 10.6.8. This update contains security-related fixes for the
    following components :
    
      - App Store
      - ATS
      - Certificate Trust Policy
      - CoreFoundation
      - CoreGraphics
      - FTP Server
      - ImageIO
      - International Components for Unicode
      - Kernel
      - Libsystem
      - libxslt
      - MobileMe
      - MySQL
      - OpenSSL
      - patch
      - QuickLook
      - QuickTime
      - Samba
      - servermgrd
      - subversion"
      );
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT4723");
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html");
      script_set_attribute(attribute:"solution", value:"Upgrade to Mac OS X 10.6.8 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(20);
    ;                 # CVE-2009-3245
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/02/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/06/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/24");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
    
     exit(0);
    }
    
    
    os = get_kb_item("Host/MacOSX/Version");
    if (!os)
    {
      os = get_kb_item("Host/OS");
      if (isnull(os)) exit(0, "The 'Host/OS' KB item is missing.");
      if ("Mac OS X" >!< os) exit(0, "The host does not appear to be running Mac OS X.");
    
      c = get_kb_item("Host/OS/Confidence");
      if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");
    }
    if (!os) exit(0, "The host does not appear to be running Mac OS X.");
    
    
    if (ereg(pattern:"Mac OS X 10\.6($|\.[0-7]([^0-9]|$))", string:os)) security_hole(0);
    else exit(0, "The host is not affected as it is running "+os+".");
    

Seebug

  • bulletinFamilyexploit
    descriptionBugtraq ID: 48412 CVE ID:CVE-2011-0196 CVE-2011-0197 CVE-2011-0198 CVE-2011-0199 CVE-2011-0200 CVE-2011-0201 CVE-2011-0202 CVE-2011-0203 CVE-2011-0204 CVE-2011-0205 CVE-2011-0206 CVE-2011-0207 CVE-2011-0208 CVE-2011-0209 CVE-2011-0210 CVE-2011-0211 CVE-2011-0212 CVE-2011-0213 CVE-2011-1132 Apple Mac OS X是一款商业性质的操作系统。 Apple Mac OS X 2011-004安全公告修复了多个安全漏洞,这些漏洞影响AirPort, App Store, ATS, Certificate Trust Policy, ColorSync, CoreFoundation, CoreGraphics, FTP Server, ImageIO, International Components for Unicode, MobileMe, QuickLook, QuickTime和servermgrd。 CVE-2011-0196: CNCVE ID:CNCVE-20110196 CNCVE-20110196 处理Wi-Fi帧存在越界读问题,当连接到Wi-Fi时,在同一网络的攻击者可使系统重置。 CVE-2011-0197: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 在某些条件下,App Store会记录用户AppleID密码到其他用户不可读的文件中。 CVE-2011-0198: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 处理TrueType字体存在堆缓冲区溢出,查看或下载包含恶意字体的文档可执行任意代码。 CVE-2011-0199: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 证书信任策略存在一个错误处理问题。如果扩展验证(EV)证书没有OCSP URL,并且启用了CRL,那么CRL不会被检查并会接收作废的证书作为合法证书。 CVE-2011-0200: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 处理嵌入ColorSync配置文件的图像时存在整数溢出,可导致堆缓冲区溢出。 CVE-2011-0201: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 处理CFStrings存在单字节缓冲区溢出,可导致应用程序崩溃或任意代码执行。 CVE-2011-0202: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 处理Type 1字体存在整数溢出,查看和下载嵌入特制字体的文档可导致任意代码执行。 CVE-2011-0203: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 xftpd存在路径校验错误,具有FTP访问的用户可列出系统文件。 CVE-2011-0204: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 ImageIO处理TIFF图像存在堆缓冲区溢出,查看特制的TIFF图像可导致应用程序崩溃或执行任意代码。 CVE-2011-0205: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 ImageIO处理JPEG2000图像存在堆缓冲区溢出,查看特制的TIFF图像可导致应用程序崩溃或执行任意代码。 CVE-2011-0206: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 ICU处理大写字符串存在缓冲区溢出,可使使用ICU的应用程序崩溃。 CVE-2011-0207: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 通过MobileMe连接判断用户Email别名时,邮件会通过HTTP提交请求,结果可导致一个具体有特权网络位置的攻击者读取用户MobileMe email别名。 CVE-2011-0208: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 QuickLook处理Microsoft office文件存在内存破坏,下载特制的Microsoft Office文件可使应用程序崩溃或执行任意代码。 CVE-2011-0209: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 CNCVE-20110209 QuickTime处理RIFF WAV文件存在整数溢出,查看特制WAV文件可使应用程序崩溃或执行任意代码。 CVE-2011-0210: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 CNCVE-20110209 CNCVE-20110210 QuickTime处理QuickTime电影文件中的示例表时存在内存破坏,查看特制电影文件可使应用程序崩溃或执行任意代码。 CVE-2011-0211: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 CNCVE-20110209 CNCVE-20110210 CNCVE-20110211 QuickTime处理QuickTime电影文件存在整数溢出,查看特制电影文件可使应用程序崩溃或执行任意代码。 CVE-2011-0212: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 CNCVE-20110209 CNCVE-20110210 CNCVE-20110211 CNCVE-20110212 QuickTime处理PICT图像存在缓冲区溢出,查看特制PICT图像文件可使应用程序崩溃或执行任意代码。 CVE-2011-0213: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 CNCVE-20110209 CNCVE-20110210 CNCVE-20110211 CNCVE-20110212 CNCVE-20110213 QuickTime处理JPEG图像存在缓冲区溢出,查看特制JPEG图像文件可使应用程序崩溃或执行任意代码。 CVE-2011-1132: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 CNCVE-20110209 CNCVE-20110210 CNCVE-20110211 CNCVE-20110212 CNCVE-20110213 CNCVE-20111132 处理IPV6套接字选项存在空指针引用错误,本地用户可使系统重置。 Apple Mac OS X Server 10.6.6 Apple Mac OS X Server 10.6.5 Apple Mac OS X Server 10.6.5 Apple Mac OS X Server 10.6.4 Apple Mac OS X Server 10.6.3 Apple Mac OS X Server 10.6.2 Apple Mac OS X Server 10.6.1 Apple Mac OS X Server 10.5.8 Apple Mac OS X Server 10.5.7 Apple Mac OS X Server 10.5.6 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.5 Apple Mac Os X Server 10.6.7 Apple Mac OS X Server 10.6 Apple Mac OS X Server 10.5 Apple Mac OS X 10.6.5 Apple Mac OS X 10.6.4 Apple Mac OS X 10.6.3 Apple Mac OS X 10.6.2 Apple Mac OS X 10.6.1 Apple Mac OS X 10.5.8 Apple Mac OS X 10.5.7 Apple Mac OS X 10.5.6 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.5 Apple Mac OS X 10.6 Apple Mac OS X 10.5 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0b760113a3a155269a3fba93a409c640031dd68f
    idSSV:20665
    last seen2017-11-19
    modified2011-06-27
    published2011-06-27
    reporterRoot
    titleApple Mac OS X 10.6.8之前版本存在多个安全漏洞
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2011-0186 CVE-2011-0187 CVE-2011-0209 CVE-2011-0210 CVE-2011-0211 CVE-2011-0213 CVE-2011-0245 CVE-2011-0246 CVE-2011-0247 CVE-2011-0248 CVE-2011-0249 CVE-2011-0250 CVE-2011-0251 CVE-2011-0252 Apple QuickTime是一款流行的多媒体播放器。 Apple QuickTime存在多个安全漏洞,允许攻击者进行拒绝服务,任意代码执行等攻击。 1)Quick Times处理GIF图像存在堆缓冲区溢出,查看特制GIF图像可导致应用程序崩溃或任意代码执行(CVE-2011-0246)。 2)Quick Times处理H.264编码的电影文件存在多个栈缓冲区溢出,查看特制的H.264文件可导致应用程序崩溃或任意代码执行(CVE-2011-0247)。 3)Quick Times ActiveX控件处理QTL文件存在基于栈的缓冲区溢出,构建特制WEB页,诱使用户解析,可导致任意代码执行(CVE-2011-0248)。 1-3漏洞不影响Mac OS X版本。 4)处理QuickTime电影文件中的STSC atoms存在基于堆的缓冲区溢出,构建恶意电影文件,诱使用户解析,可导致应用程序崩溃或任意代码执行(CVE-2011-0249)。此漏洞不影响OS X Lion系统。 5)处理QuickTime电影文件中的STSS atoms存在基于堆的缓冲区溢出,构建恶意电影文件,诱使用户解析,可导致应用程序崩溃或任意代码执行(CVE-2011-0250)。此漏洞不影响OS X Lion系统。 6)处理QuickTime电影文件中的STSZ atoms存在基于堆的缓冲区溢出,构建恶意电影文件,诱使用户解析,可导致应用程序崩溃或任意代码执行(CVE-2011-0251)。此漏洞不影响OS X Lion系统。 7)处理QuickTime电影文件中的STTS atoms存在基于堆的缓冲区溢出,构建恶意电影文件,诱使用户解析,可导致应用程序崩溃或任意代码执行(CVE-2011-0252)。此漏洞不影响OS X Lion系统。 Apple QuickTime 7.x 厂商解决方案 Apple QuickTime 7.7已经修复此漏洞,建议用户下载使用: http://www.apple.com/quicktime/
    idSSV:20814
    last seen2017-11-19
    modified2011-08-06
    published2011-08-06
    reporterRoot
    titleApple QuickTime存在多个安全漏洞