CVE-2011-3446 - Unspecified vulnerability in Apple Mac OS X and Mac OS X Server

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book.

Vulnerable Configurations

Part    Description    Count
OS      Apple          144

Nessus

  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2012-001.NASL
    description: The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-001 applied. This update contains multiple security-related fixes for the following components: Apache, ATS, ColorSync, CoreAudio, CoreMedia, CoreText, curl, Data Security, dovecot, filecmds, libresolv, libsecurity, OpenGL, PHP, QuickTime, SquirrelMail, Subversion, Tomcat, X11
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 57798
    published: 2012-02-02
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/57798
    title: Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_10_7_3.NASL
    description: The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.3. The newer version contains multiple security-related fixes for the following components: Address Book, Apache, ATS, CFNetwork, CoreMedia, CoreText, CoreUI, curl, Data Security, dovecot, filecmds, ImageIO, Internet Sharing, Libinfo, libresolv, libsecurity, OpenGL, PHP, QuickTime, Subversion, Time Machine, WebDAV Sharing, Webmail, X11
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 57797
    published: 2012-02-02
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/57797
    title: Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)

Seebug

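bulletinFamily: exploit
description: BUGTRAQ ID: 51832. CVE ID: CVE-2011-3446. Mac OS is an operating system that runs on Apple's Macintosh line of computers. Apple Mac OS X has a memory corruption vulnerability when opening a malicious font in Font Book; an attacker can exploit this vulnerability to execute arbitrary code in the affected application. Apple Mac OS X 10.7.2, Apple Mac OS X 10.7.1, Apple MacOS X Server 10.7.2, Apple MacOS X Server 10.7.1, Apple MacOS X Server 10.7, Apple MacOS X Server 10.6.8. Vendor patch: Apple. The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://support.apple.com/
id: SSV:30074
last seen: 2017-11-19
modified: 2012-02-04
published: 2012-02-04
reporter: Root
title: Apple Mac OS X Apple Type Services ".dfont" font file memory corruption vulnerability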