Vulnerabilities > CVE-2011-3449 - Resource Management Errors vulnerability in Apple mac OS X Server

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

apple

CWE-399

nessus

NVD

Published: 2012-02-02

Updated: 2012-02-03

Summary

Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.

Vulnerable Configurations

Part	Description	Count
OS	Apple Apple MAC OS X Server - Apple MAC OS X Server 5.0.2 Apple MAC OS X Server 5.0.3 Apple MAC OS X Server 5.0.14 Apple MAC OS X Server 5.0.15 Apple MAC OS X Server 10.0 Apple MAC OS X Server 10.0.0 Apple MAC OS X Server 10.0.1 Apple MAC OS X Server 10.0.2 Apple MAC OS X Server 10.0.3 Apple MAC OS X Server 10.0.4 Apple MAC OS X Server 10.1 Apple MAC OS X Server 10.1.0 Apple MAC OS X Server 10.1.1 Apple MAC OS X Server 10.1.2 Apple MAC OS X Server 10.1.3 Apple MAC OS X Server 10.1.4 Apple MAC OS X Server 10.1.5 Apple MAC OS X Server 10.2 Apple MAC OS X Server 10.2.0 Apple MAC OS X Server 10.2.1 Apple MAC OS X Server 10.2.2 Apple MAC OS X Server 10.2.3 Apple MAC OS X Server 10.2.4 Apple MAC OS X Server 10.2.5 Apple MAC OS X Server 10.2.6 Apple MAC OS X Server 10.2.7 Apple MAC OS X Server 10.2.8 Apple MAC OS X Server 10.3 Apple MAC OS X Server 10.3.0 Apple MAC OS X Server 10.3.1 Apple MAC OS X Server 10.3.2 Apple MAC OS X Server 10.3.3 Apple MAC OS X Server 10.3.4 Apple MAC OS X Server 10.3.5 Apple MAC OS X Server 10.3.6 Apple MAC OS X Server 10.3.7 Apple MAC OS X Server 10.3.8 Apple MAC OS X Server 10.3.9 Apple MAC OS X Server 10.4 Apple MAC OS X Server 10.4.0 Apple MAC OS X Server 10.4.1 Apple MAC OS X Server 10.4.2 Apple MAC OS X Server 10.4.3 Apple MAC OS X Server 10.4.4 Apple MAC OS X Server 10.4.5 Apple MAC OS X Server 10.4.6 Apple MAC OS X Server 10.4.7 Apple MAC OS X Server 10.4.8 Apple MAC OS X Server 10.4.9 Apple MAC OS X Server 10.4.10 Apple MAC OS X Server 10.4.11 Apple MAC OS X Server 10.5 Apple MAC OS X Server 10.5.0 Apple MAC OS X Server 10.5.1 Apple MAC OS X Server 10.5.2 Apple MAC OS X Server 10.5.3 Apple MAC OS X Server 10.5.4 Apple MAC OS X Server 10.5.5 Apple MAC OS X Server 10.5.6 Apple MAC OS X Server 10.5.7 Apple MAC OS X Server 10.5.8 Apple MAC OS X Server 10.6.0 Apple MAC OS X Server 10.6.1 Apple MAC OS X Server 10.6.2 Apple MAC OS X Server 10.6.3 Apple MAC OS X Server 10.6.4 Apple MAC OS X Server 10.6.5 Apple MAC OS X Server 10.6.6 Apple MAC OS X Server 10.6.7 Apple MAC OS X Server 10.6.8 Apple MAC OS X Server 10.7.0 Apple MAC OS X Server 10.7.1 Apple MAC OS X Server 10.7.2 Apple MAC OS X 10.7.0 Apple MAC OS X - Apple MAC OS X 10.0 Apple MAC OS X 10.0.0 Apple MAC OS X 10.0.1 Apple MAC OS X 10.0.2 Apple MAC OS X 10.0.3 Apple MAC OS X 10.0.4 Apple MAC OS X 10.1 Apple MAC OS X 10.1.0 Apple MAC OS X 10.1.1 Apple MAC OS X 10.1.2 Apple MAC OS X 10.1.3 Apple MAC OS X 10.1.4 Apple MAC OS X 10.1.5 Apple MAC OS X 10.2 Apple MAC OS X 10.2.0 Apple MAC OS X 10.2.1 Apple MAC OS X 10.2.2 Apple MAC OS X 10.2.3 Apple MAC OS X 10.2.4 Apple MAC OS X 10.2.5 Apple MAC OS X 10.2.6 Apple MAC OS X 10.2.7 Apple MAC OS X 10.2.8 Apple MAC OS X 10.3 Apple MAC OS X 10.3.0 Apple MAC OS X 10.3.1 Apple MAC OS X 10.3.2 Apple MAC OS X 10.3.3 Apple MAC OS X 10.3.4 Apple MAC OS X 10.3.5 Apple MAC OS X 10.3.6 Apple MAC OS X 10.3.7 Apple MAC OS X 10.3.8 Apple MAC OS X 10.3.9 Apple MAC OS X 10.4 Apple MAC OS X 10.4.0 Apple MAC OS X 10.4.1 Apple MAC OS X 10.4.2 Apple MAC OS X 10.4.3 Apple MAC OS X 10.4.4 Apple MAC OS X 10.4.5 Apple MAC OS X 10.4.6 Apple MAC OS X 10.4.7 Apple MAC OS X 10.4.8 Apple MAC OS X 10.4.9 Apple MAC OS X 10.4.10 Apple MAC OS X 10.4.11 Apple MAC OS X 10.5 Apple MAC OS X 10.5.0 Apple MAC OS X 10.5.1 Apple MAC OS X 10.5.2 Apple MAC OS X 10.5.3 Apple MAC OS X 10.5.4 Apple MAC OS X 10.5.5 Apple MAC OS X 10.5.6 Apple MAC OS X 10.5.7 Apple MAC OS X 10.5.8 Apple MAC OS X 10.6.0 Apple MAC OS X 10.6.1 Apple MAC OS X 10.6.2 Apple MAC OS X 10.6.3 Apple MAC OS X 10.6.4 Apple MAC OS X 10.6.5 Apple MAC OS X 10.6.6 Apple MAC OS X 10.6.7 Apple MAC OS X 10.6.8 Apple MAC OS X 10.7.1 Apple MAC OS X 10.7.2	144

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2012-001.NASL
description	The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-001 applied. This update contains multiple security-related fixes for the following components : - Apache - ATS - ColorSync - CoreAudio - CoreMedia - CoreText - curl - Data Security - dovecot - filecmds - libresolv - libsecurity - OpenGL - PHP - QuickTime - SquirrelMail - Subversion - Tomcat - X11
last seen	2020-06-01
modified	2020-06-02
plugin id	57798
published	2012-02-02
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57798
title	Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_10_7_3.NASL
description	The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.3. The newer version contains multiple security-related fixes for the following components : - Address Book - Apache - ATS - CFNetwork - CoreMedia - CoreText - CoreUI - curl - Data Security - dovecot - filecmds - ImageIO - Internet Sharing - Libinfo - libresolv - libsecurity - OpenGL - PHP - QuickTime - Subversion - Time Machine - WebDAV Sharing - Webmail - X11
last seen	2020-06-01
modified	2020-06-02
plugin id	57797
published	2012-02-02
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57797
title	Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 51812 CVE ID: CVE-2011-3449 Mac OS是一套运行于苹果的Macintosh系列电脑上的操作系统。 Apple Mac OS X在打开文档中嵌入的恶意字体时存在内存破坏漏洞，攻击者可利用此漏洞在受影响应用程序中执行任意代码。 0 Apple Mac OS X 10.7.2 Apple Mac OS X 10.7.1 Apple MacOS X Server 10.7.2 Apple MacOS X Server 10.7.1 Apple MacOS X Server 10.7 Apple MacOS X Server 10.6.8 厂商补丁： Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://support.apple.com/
id	SSV:30075
last seen	2017-11-19
modified	2012-02-04
published	2012-02-04
reporter	Root
title	Apple Mac OS X 10.7.3之前版本CoreText释放后重用代码执行漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Seebug

References