Vulnerabilities > CVE-2011-0209 - Numeric Errors vulnerability in Apple mac OS X, mac OS X Server and Quicktime
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_QUICKTIME77.NASL description The version of QuickTime installed on the remote Mac OS X host is older than 7.7. As such, it reportedly may be affected by the following vulnerabilities : - A buffer overflow in QuickTime last seen 2020-06-01 modified 2020-06-02 plugin id 55763 published 2011-08-04 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55763 title QuickTime < 7.7 Multiple Vulnerabilities (Mac OS X) code # # (C) Tenable Network Security, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(55763); script_version("1.19"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id( "CVE-2011-0186", "CVE-2011-0187", "CVE-2011-0209", "CVE-2011-0210", "CVE-2011-0211", "CVE-2011-0213", "CVE-2011-0245", "CVE-2011-0249", "CVE-2011-0250", "CVE-2011-0251", "CVE-2011-0252", "CVE-2011-0256", "CVE-2011-0257" ); script_bugtraq_id( 46992, 46995, 48419, 48420, 48430, 48442, 49028, 49034, 49035, 49036, 49038, 49144, 49170 ); script_name(english:"QuickTime < 7.7 Multiple Vulnerabilities (Mac OS X)"); script_summary(english:"Checks version of QuickTime on Mac OS X"); script_set_attribute( attribute:"synopsis", value: "The remote Mac OS X host contains an application that may be affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "The version of QuickTime installed on the remote Mac OS X host is older than 7.7. As such, it reportedly may be affected by the following vulnerabilities : - A buffer overflow in QuickTime's handling of pict files may lead to an application crash or arbitrary code execution. (CVE-2011-0245) - A buffer overflow in QuickTime's handling of JPEG2000 files may lead to an application crash or arbitrary code execution. (CVE-2011-0186) - A cross-origin issue in QuickTime plug-in's handling of cross-site redirects may lead to disclosure of video data from another site. (CVE-2011-0187) - An integer overflow in QuickTime's handling of RIFF WAV files may lead to an application crash or arbitrary code execution. (CVE-2011-0209) - A memory corruption issue in QuickTime's handling of sample tables in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0210) - An integer overflow in QuickTime's handling of audio channels in movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0211) - A buffer overflow in QuickTime's handling of JPEG files may lead to an application crash or arbitrary code execution. (CVE-2011-0213) - A heap-based buffer overflow in QuickTime's handling of STSC atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0249) - A heap-based buffer overflow in QuickTime's handling of STSS atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0250) - A heap-based buffer overflow in QuickTime's handling of STSZ atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0251) - A heap-based buffer overflow in QuickTime's handling of STTS atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0252) - A stack-based buffer overflow in QuickTime's handling of PICT files may lead to an application crash or arbitrary code execution. (CVE-2011-0257) - An integer overflow in QuickTime's handling of track run atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0256)" ); script_set_attribute( attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-11-254/" ); script_set_attribute( attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-11-257/" ); script_set_attribute( attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-11-258/" ); script_set_attribute( attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-11-259/" ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT4826" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2011/Aug/msg00000.html" ); script_set_attribute( attribute:"solution", value:"Upgrade to QuickTime 7.7 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apple QuickTime PICT PnSize Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/23"); script_set_attribute(attribute:"patch_publication_date", value:"2011/08/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/04"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_dependencies("macosx_Quicktime652.nasl", "ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/QuickTime/Version"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); # Mac OS X 10.5 only. os = get_kb_item("Host/MacOSX/Version"); if (!os) exit(0, "The host does not appear to be running Mac OS X."); if (!ereg(pattern:"Mac OS X 10\.5([^0-9]|$)", string:os)) exit(0, "The host is running "+os+" and therefore is not affected."); version = get_kb_item_or_exit("MacOSX/QuickTime/Version"); fixed_version = "7.7"; if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1) { if (report_verbosity > 0) { report = '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_hole(port:0, extra:report); } else security_hole(0); } else exit(0, "The remote host is not affected since QuickTime "+version+" is installed.");NASL family Windows NASL id QUICKTIME_77.NASL description The version of QuickTime installed on the remote Windows host is older than 7.7. As such, it reportedly may be affected by the following vulnerabilities : - A buffer overflow in QuickTime last seen 2020-06-01 modified 2020-06-02 plugin id 55764 published 2011-08-04 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55764 title QuickTime < 7.7 Multiple Vulnerabilities (Windows) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(55764); script_version("1.24"); script_cvs_date("Date: 2018/11/15 20:50:28"); script_cve_id( "CVE-2011-0186", "CVE-2011-0187", "CVE-2011-0209", "CVE-2011-0210", "CVE-2011-0211", "CVE-2011-0213", "CVE-2011-0245", "CVE-2011-0246", "CVE-2011-0247", "CVE-2011-0248", "CVE-2011-0249", "CVE-2011-0250", "CVE-2011-0251", "CVE-2011-0252", "CVE-2011-0256", "CVE-2011-0257", "CVE-2011-0258" ); script_bugtraq_id( 46992, 46995, 48419, 48420, 48430, 48442, 49028, 49029, 49030, 49031, 49034, 49035, 49036, 49038, 49144, 49170, 49396 ); script_name(english:"QuickTime < 7.7 Multiple Vulnerabilities (Windows)"); script_summary(english:"Checks version of QuickTime on Windows"); script_set_attribute( attribute:"synopsis", value: "The remote Windows host contains an application that may be affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "The version of QuickTime installed on the remote Windows host is older than 7.7. As such, it reportedly may be affected by the following vulnerabilities : - A buffer overflow in QuickTime's handling of pict files may lead to an application crash or arbitrary code execution. (CVE-2011-0245) - A buffer overflow in QuickTime's handling of JPEG2000 files may lead to an application crash or arbitrary code execution. (CVE-2011-0186) - A cross-origin issue in QuickTime plug-in's handling of cross-site redirects may lead to disclosure of video data from another site. (CVE-2011-0187) - An integer overflow in QuickTime's handling of RIFF WAV files may lead to an application crash or arbitrary code execution. (CVE-2011-0209) - A memory corruption issue in QuickTime's handling of sample tables in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0210) - An integer overflow in QuickTime's handling of audio channels in movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0211) - A buffer overflow in QuickTime's handling of JPEG files may lead to an application crash or arbitrary code execution. (CVE-2011-0213) - A heap-based buffer overflow in QuickTime's handling of GIF files may lead to an application crash or arbitrary code execution. (CVE-2011-0246) - Multiple stack-based buffer overflows in QuickTime's handling of H.264 encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0247) - A stack-based buffer overflow in the QuickTime ActiveX's handling of QTL files may lead to an application crash or arbitrary code execution. (CVE-2011-0248) - A heap-based buffer overflow in QuickTime's handling of STSC atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0249) - A heap-based buffer overflow in QuickTime's handling of STSS atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0250) - A heap-based buffer overflow in QuickTime's handling of STSZ atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0251) - A heap-based buffer overflow in QuickTime's handling of STTS atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0252) - A stack-based buffer overflow in QuickTime's handling of PICT files may lead to an application crash or arbitrary code execution. (CVE-2011-0257) - An integer overflow in QuickTime's handling of track run atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0256) - Memory corruption in Quicktime's handling of mp4v codec information. (CVE-2011-0258)" ); script_set_attribute( attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-11-254/" ); script_set_attribute( attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-255/" ); script_set_attribute( attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-256/" ); script_set_attribute( attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-11-257/" ); script_set_attribute( attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-11-258/" ); script_set_attribute( attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-11-259/" ); script_set_attribute( attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-277/" ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT4826" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2011/Aug/msg00000.html" ); script_set_attribute( attribute:"solution", value:"Upgrade to QuickTime 7.7 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apple QuickTime PICT PnSize Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/23"); script_set_attribute(attribute:"patch_publication_date", value:"2011/08/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/04"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_dependencies("quicktime_installed.nasl"); script_require_keys("SMB/QuickTime/Version"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); kb_base = "SMB/QuickTime/"; version = get_kb_item_or_exit(kb_base+"Version"); version_ui = get_kb_item(kb_base+"Version_UI"); if (isnull(version_ui)) version_report = version; else version_report = version_ui; fixed_version = "7.70.80.34"; fixed_version_ui = "7.7 (1680.34)"; if (ver_compare(ver:version, fix:fixed_version) == -1) { if (report_verbosity > 0) { path = get_kb_item(kb_base+"Path"); if (isnull(path)) path = 'n/a'; report = '\n Path : '+path+ '\n Installed version : '+version_report+ '\n Fixed version : '+fixed_version_ui+'\n'; security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(get_kb_item("SMB/transport")); } else exit(0, "The host is not affected since QuickTime "+version_report+" is installed.");NASL family MacOS X Local Security Checks NASL id MACOSX_10_6_8.NASL description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.8. This update contains security-related fixes for the following components : - App Store - ATS - Certificate Trust Policy - CoreFoundation - CoreGraphics - FTP Server - ImageIO - International Components for Unicode - Kernel - Libsystem - libxslt - MobileMe - MySQL - OpenSSL - patch - QuickLook - QuickTime - Samba - servermgrd - subversion last seen 2020-06-01 modified 2020-06-02 plugin id 55416 published 2011-06-24 reporter This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55416 title Mac OS X 10.6.x < 10.6.8 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(55416); script_version("1.20"); script_cvs_date("Date: 2018/08/22 16:49:14"); script_cve_id( "CVE-2009-3245", "CVE-2010-0740", "CVE-2010-2632", "CVE-2010-3677", "CVE-2010-3682", "CVE-2010-3790", "CVE-2010-3833", "CVE-2010-3834", "CVE-2010-3835", "CVE-2010-3836", "CVE-2010-3837", "CVE-2010-3838", "CVE-2010-3864", "CVE-2010-4180", "CVE-2010-4651", "CVE-2011-0014", "CVE-2011-0195", "CVE-2011-0197", "CVE-2011-0198", "CVE-2011-0199", "CVE-2011-0201", "CVE-2011-0202", "CVE-2011-0203", "CVE-2011-0204", "CVE-2011-0205", "CVE-2011-0206", "CVE-2011-0207", "CVE-2011-0208", "CVE-2011-0209", "CVE-2011-0210", "CVE-2011-0211", "CVE-2011-0212", "CVE-2011-0213", "CVE-2011-0715", "CVE-2011-0719", "CVE-2011-1132" ); script_bugtraq_id( 38562, 39013, 42599, 42646, 43676, 43819, 44794, 44884, 45164, 46264, 46597, 46734, 46768, 47668, 48418, 48419, 48420, 48422, 48426, 48427, 48429, 48430, 48436, 48437, 48439, 48440, 48442, 48443, 48444, 48445, 48447 ); script_name(english:"Mac OS X 10.6.x < 10.6.8 Multiple Vulnerabilities"); script_summary(english:"Check the version of Mac OS X"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes several security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.8. This update contains security-related fixes for the following components : - App Store - ATS - Certificate Trust Policy - CoreFoundation - CoreGraphics - FTP Server - ImageIO - International Components for Unicode - Kernel - Libsystem - libxslt - MobileMe - MySQL - OpenSSL - patch - QuickLook - QuickTime - Samba - servermgrd - subversion" ); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT4723"); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html"); script_set_attribute(attribute:"solution", value:"Upgrade to Mac OS X 10.6.8 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(20); ; # CVE-2009-3245 script_set_attribute(attribute:"vuln_publication_date", value:"2010/02/23"); script_set_attribute(attribute:"patch_publication_date", value:"2011/06/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/24"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); exit(0); } os = get_kb_item("Host/MacOSX/Version"); if (!os) { os = get_kb_item("Host/OS"); if (isnull(os)) exit(0, "The 'Host/OS' KB item is missing."); if ("Mac OS X" >!< os) exit(0, "The host does not appear to be running Mac OS X."); c = get_kb_item("Host/OS/Confidence"); if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence."); } if (!os) exit(0, "The host does not appear to be running Mac OS X."); if (ereg(pattern:"Mac OS X 10\.6($|\.[0-7]([^0-9]|$))", string:os)) security_hole(0); else exit(0, "The host is not affected as it is running "+os+".");
Seebug
bulletinFamily exploit description Bugtraq ID: 48412 CVE ID:CVE-2011-0196 CVE-2011-0197 CVE-2011-0198 CVE-2011-0199 CVE-2011-0200 CVE-2011-0201 CVE-2011-0202 CVE-2011-0203 CVE-2011-0204 CVE-2011-0205 CVE-2011-0206 CVE-2011-0207 CVE-2011-0208 CVE-2011-0209 CVE-2011-0210 CVE-2011-0211 CVE-2011-0212 CVE-2011-0213 CVE-2011-1132 Apple Mac OS X是一款商业性质的操作系统。 Apple Mac OS X 2011-004安全公告修复了多个安全漏洞,这些漏洞影响AirPort, App Store, ATS, Certificate Trust Policy, ColorSync, CoreFoundation, CoreGraphics, FTP Server, ImageIO, International Components for Unicode, MobileMe, QuickLook, QuickTime和servermgrd。 CVE-2011-0196: CNCVE ID:CNCVE-20110196 CNCVE-20110196 处理Wi-Fi帧存在越界读问题,当连接到Wi-Fi时,在同一网络的攻击者可使系统重置。 CVE-2011-0197: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 在某些条件下,App Store会记录用户AppleID密码到其他用户不可读的文件中。 CVE-2011-0198: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 处理TrueType字体存在堆缓冲区溢出,查看或下载包含恶意字体的文档可执行任意代码。 CVE-2011-0199: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 证书信任策略存在一个错误处理问题。如果扩展验证(EV)证书没有OCSP URL,并且启用了CRL,那么CRL不会被检查并会接收作废的证书作为合法证书。 CVE-2011-0200: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 处理嵌入ColorSync配置文件的图像时存在整数溢出,可导致堆缓冲区溢出。 CVE-2011-0201: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 处理CFStrings存在单字节缓冲区溢出,可导致应用程序崩溃或任意代码执行。 CVE-2011-0202: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 处理Type 1字体存在整数溢出,查看和下载嵌入特制字体的文档可导致任意代码执行。 CVE-2011-0203: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 xftpd存在路径校验错误,具有FTP访问的用户可列出系统文件。 CVE-2011-0204: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 ImageIO处理TIFF图像存在堆缓冲区溢出,查看特制的TIFF图像可导致应用程序崩溃或执行任意代码。 CVE-2011-0205: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 ImageIO处理JPEG2000图像存在堆缓冲区溢出,查看特制的TIFF图像可导致应用程序崩溃或执行任意代码。 CVE-2011-0206: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 ICU处理大写字符串存在缓冲区溢出,可使使用ICU的应用程序崩溃。 CVE-2011-0207: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 通过MobileMe连接判断用户Email别名时,邮件会通过HTTP提交请求,结果可导致一个具体有特权网络位置的攻击者读取用户MobileMe email别名。 CVE-2011-0208: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 QuickLook处理Microsoft office文件存在内存破坏,下载特制的Microsoft Office文件可使应用程序崩溃或执行任意代码。 CVE-2011-0209: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 CNCVE-20110209 QuickTime处理RIFF WAV文件存在整数溢出,查看特制WAV文件可使应用程序崩溃或执行任意代码。 CVE-2011-0210: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 CNCVE-20110209 CNCVE-20110210 QuickTime处理QuickTime电影文件中的示例表时存在内存破坏,查看特制电影文件可使应用程序崩溃或执行任意代码。 CVE-2011-0211: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 CNCVE-20110209 CNCVE-20110210 CNCVE-20110211 QuickTime处理QuickTime电影文件存在整数溢出,查看特制电影文件可使应用程序崩溃或执行任意代码。 CVE-2011-0212: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 CNCVE-20110209 CNCVE-20110210 CNCVE-20110211 CNCVE-20110212 QuickTime处理PICT图像存在缓冲区溢出,查看特制PICT图像文件可使应用程序崩溃或执行任意代码。 CVE-2011-0213: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 CNCVE-20110209 CNCVE-20110210 CNCVE-20110211 CNCVE-20110212 CNCVE-20110213 QuickTime处理JPEG图像存在缓冲区溢出,查看特制JPEG图像文件可使应用程序崩溃或执行任意代码。 CVE-2011-1132: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 CNCVE-20110209 CNCVE-20110210 CNCVE-20110211 CNCVE-20110212 CNCVE-20110213 CNCVE-20111132 处理IPV6套接字选项存在空指针引用错误,本地用户可使系统重置。 Apple Mac OS X Server 10.6.6 Apple Mac OS X Server 10.6.5 Apple Mac OS X Server 10.6.5 Apple Mac OS X Server 10.6.4 Apple Mac OS X Server 10.6.3 Apple Mac OS X Server 10.6.2 Apple Mac OS X Server 10.6.1 Apple Mac OS X Server 10.5.8 Apple Mac OS X Server 10.5.7 Apple Mac OS X Server 10.5.6 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.5 Apple Mac Os X Server 10.6.7 Apple Mac OS X Server 10.6 Apple Mac OS X Server 10.5 Apple Mac OS X 10.6.5 Apple Mac OS X 10.6.4 Apple Mac OS X 10.6.3 Apple Mac OS X 10.6.2 Apple Mac OS X 10.6.1 Apple Mac OS X 10.5.8 Apple Mac OS X 10.5.7 Apple Mac OS X 10.5.6 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.5 Apple Mac OS X 10.6 Apple Mac OS X 10.5 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0b760113a3a155269a3fba93a409c640031dd68f id SSV:20665 last seen 2017-11-19 modified 2011-06-27 published 2011-06-27 reporter Root title Apple Mac OS X 10.6.8之前版本存在多个安全漏洞 bulletinFamily exploit description CVE ID:CVE-2011-0186 CVE-2011-0187 CVE-2011-0209 CVE-2011-0210 CVE-2011-0211 CVE-2011-0213 CVE-2011-0245 CVE-2011-0246 CVE-2011-0247 CVE-2011-0248 CVE-2011-0249 CVE-2011-0250 CVE-2011-0251 CVE-2011-0252 Apple QuickTime是一款流行的多媒体播放器。 Apple QuickTime存在多个安全漏洞,允许攻击者进行拒绝服务,任意代码执行等攻击。 1)Quick Times处理GIF图像存在堆缓冲区溢出,查看特制GIF图像可导致应用程序崩溃或任意代码执行(CVE-2011-0246)。 2)Quick Times处理H.264编码的电影文件存在多个栈缓冲区溢出,查看特制的H.264文件可导致应用程序崩溃或任意代码执行(CVE-2011-0247)。 3)Quick Times ActiveX控件处理QTL文件存在基于栈的缓冲区溢出,构建特制WEB页,诱使用户解析,可导致任意代码执行(CVE-2011-0248)。 1-3漏洞不影响Mac OS X版本。 4)处理QuickTime电影文件中的STSC atoms存在基于堆的缓冲区溢出,构建恶意电影文件,诱使用户解析,可导致应用程序崩溃或任意代码执行(CVE-2011-0249)。此漏洞不影响OS X Lion系统。 5)处理QuickTime电影文件中的STSS atoms存在基于堆的缓冲区溢出,构建恶意电影文件,诱使用户解析,可导致应用程序崩溃或任意代码执行(CVE-2011-0250)。此漏洞不影响OS X Lion系统。 6)处理QuickTime电影文件中的STSZ atoms存在基于堆的缓冲区溢出,构建恶意电影文件,诱使用户解析,可导致应用程序崩溃或任意代码执行(CVE-2011-0251)。此漏洞不影响OS X Lion系统。 7)处理QuickTime电影文件中的STTS atoms存在基于堆的缓冲区溢出,构建恶意电影文件,诱使用户解析,可导致应用程序崩溃或任意代码执行(CVE-2011-0252)。此漏洞不影响OS X Lion系统。 Apple QuickTime 7.x 厂商解决方案 Apple QuickTime 7.7已经修复此漏洞,建议用户下载使用: http://www.apple.com/quicktime/ id SSV:20814 last seen 2017-11-19 modified 2011-08-06 published 2011-08-06 reporter Root title Apple QuickTime存在多个安全漏洞