Vulnerabilities > CVE-2011-3459 - Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

apple

CWE-189

nessus

NVD

Published: 2012-02-02

Updated: 2012-05-18

Summary

Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.

Vulnerable Configurations

Part	Description	Count
OS	Apple Apple MAC OS X 10.6.8 Apple MAC OS X 10.6.7 Apple MAC OS X 10.6.3 Apple MAC OS X 10.6.6 Apple MAC OS X 10.6.1 Apple MAC OS X 10.6.0 Apple MAC OS X 10.6.2 Apple MAC OS X 10.7.0 Apple MAC OS X 10.6.4 Apple MAC OS X 10.6.5 Apple MAC OS X - Apple MAC OS X 10.0 Apple MAC OS X 10.0.0 Apple MAC OS X 10.0.1 Apple MAC OS X 10.0.2 Apple MAC OS X 10.0.3 Apple MAC OS X 10.0.4 Apple MAC OS X 10.1 Apple MAC OS X 10.1.0 Apple MAC OS X 10.1.1 Apple MAC OS X 10.1.2 Apple MAC OS X 10.1.3 Apple MAC OS X 10.1.4 Apple MAC OS X 10.1.5 Apple MAC OS X 10.2 Apple MAC OS X 10.2.0 Apple MAC OS X 10.2.1 Apple MAC OS X 10.2.2 Apple MAC OS X 10.2.3 Apple MAC OS X 10.2.4 Apple MAC OS X 10.2.5 Apple MAC OS X 10.2.6 Apple MAC OS X 10.2.7 Apple MAC OS X 10.2.8 Apple MAC OS X 10.3 Apple MAC OS X 10.3.0 Apple MAC OS X 10.3.1 Apple MAC OS X 10.3.2 Apple MAC OS X 10.3.3 Apple MAC OS X 10.3.4 Apple MAC OS X 10.3.5 Apple MAC OS X 10.3.6 Apple MAC OS X 10.3.7 Apple MAC OS X 10.3.8 Apple MAC OS X 10.3.9 Apple MAC OS X 10.4 Apple MAC OS X 10.4.0 Apple MAC OS X 10.4.1 Apple MAC OS X 10.4.2 Apple MAC OS X 10.4.3 Apple MAC OS X 10.4.4 Apple MAC OS X 10.4.5 Apple MAC OS X 10.4.6 Apple MAC OS X 10.4.7 Apple MAC OS X 10.4.8 Apple MAC OS X 10.4.9 Apple MAC OS X 10.4.10 Apple MAC OS X 10.4.11 Apple MAC OS X 10.5 Apple MAC OS X 10.5.0 Apple MAC OS X 10.5.1 Apple MAC OS X 10.5.2 Apple MAC OS X 10.5.3 Apple MAC OS X 10.5.4 Apple MAC OS X 10.5.5 Apple MAC OS X 10.5.6 Apple MAC OS X 10.5.7 Apple MAC OS X 10.5.8 Apple MAC OS X 10.7.1 Apple MAC OS X 10.7.2 Apple MAC OS X Server - Apple MAC OS X Server 5.0.2 Apple MAC OS X Server 5.0.3 Apple MAC OS X Server 5.0.14 Apple MAC OS X Server 5.0.15 Apple MAC OS X Server 10.0 Apple MAC OS X Server 10.0.0 Apple MAC OS X Server 10.0.1 Apple MAC OS X Server 10.0.2 Apple MAC OS X Server 10.0.3 Apple MAC OS X Server 10.0.4 Apple MAC OS X Server 10.1 Apple MAC OS X Server 10.1.0 Apple MAC OS X Server 10.1.1 Apple MAC OS X Server 10.1.2 Apple MAC OS X Server 10.1.3 Apple MAC OS X Server 10.1.4 Apple MAC OS X Server 10.1.5 Apple MAC OS X Server 10.2 Apple MAC OS X Server 10.2.0 Apple MAC OS X Server 10.2.1 Apple MAC OS X Server 10.2.2 Apple MAC OS X Server 10.2.3 Apple MAC OS X Server 10.2.4 Apple MAC OS X Server 10.2.5 Apple MAC OS X Server 10.2.6 Apple MAC OS X Server 10.2.7 Apple MAC OS X Server 10.2.8 Apple MAC OS X Server 10.3 Apple MAC OS X Server 10.3.0 Apple MAC OS X Server 10.3.1 Apple MAC OS X Server 10.3.2 Apple MAC OS X Server 10.3.3 Apple MAC OS X Server 10.3.4 Apple MAC OS X Server 10.3.5 Apple MAC OS X Server 10.3.6 Apple MAC OS X Server 10.3.7 Apple MAC OS X Server 10.3.8 Apple MAC OS X Server 10.3.9 Apple MAC OS X Server 10.4 Apple MAC OS X Server 10.4.0 Apple MAC OS X Server 10.4.1 Apple MAC OS X Server 10.4.2 Apple MAC OS X Server 10.4.3 Apple MAC OS X Server 10.4.4 Apple MAC OS X Server 10.4.5 Apple MAC OS X Server 10.4.6 Apple MAC OS X Server 10.4.7 Apple MAC OS X Server 10.4.8 Apple MAC OS X Server 10.4.9 Apple MAC OS X Server 10.4.10 Apple MAC OS X Server 10.4.11 Apple MAC OS X Server 10.5 Apple MAC OS X Server 10.5.0 Apple MAC OS X Server 10.5.1 Apple MAC OS X Server 10.5.2 Apple MAC OS X Server 10.5.3 Apple MAC OS X Server 10.5.4 Apple MAC OS X Server 10.5.5 Apple MAC OS X Server 10.5.6 Apple MAC OS X Server 10.5.7 Apple MAC OS X Server 10.5.8 Apple MAC OS X Server 10.6.0 Apple MAC OS X Server 10.6.1 Apple MAC OS X Server 10.6.2 Apple MAC OS X Server 10.6.3 Apple MAC OS X Server 10.6.4 Apple MAC OS X Server 10.6.5 Apple MAC OS X Server 10.6.6 Apple MAC OS X Server 10.6.7 Apple MAC OS X Server 10.6.8 Apple MAC OS X Server 10.7.0 Apple MAC OS X Server 10.7.1 Apple MAC OS X Server 10.7.2	144

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	Windows
NASL id	QUICKTIME_772.NASL
description	The version of QuickTime installed on the remote Windows host is older than 7.7.2 and may be affected by the following vulnerabilities : - An uninitialized memory access issue exists in the handling of MP4 encoded files. (CVE-2011-3458) - An off-by-one buffer overflow exists in the handling of rdrf atoms in QuickTime movie files. (CVE-2011-3459) - A stack-based buffer overflow exists in the QuickTime plugin
last seen	2020-06-01
modified	2020-06-02
plugin id	59113
published	2012-05-16
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/59113
title	QuickTime < 7.7.2 Multiple Vulnerabilities (Windows)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2012-001.NASL
description	The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-001 applied. This update contains multiple security-related fixes for the following components : - Apache - ATS - ColorSync - CoreAudio - CoreMedia - CoreText - curl - Data Security - dovecot - filecmds - libresolv - libsecurity - OpenGL - PHP - QuickTime - SquirrelMail - Subversion - Tomcat - X11
last seen	2020-06-01
modified	2020-06-02
plugin id	57798
published	2012-02-02
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57798
title	Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_10_7_3.NASL
description	The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.3. The newer version contains multiple security-related fixes for the following components : - Address Book - Apache - ATS - CFNetwork - CoreMedia - CoreText - CoreUI - curl - Data Security - dovecot - filecmds - ImageIO - Internet Sharing - Libinfo - libresolv - libsecurity - OpenGL - PHP - QuickTime - Subversion - Time Machine - WebDAV Sharing - Webmail - X11
last seen	2020-06-01
modified	2020-06-02
plugin id	57797
published	2012-02-02
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57797
title	Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 51811 CVE ID: CVE-2011-3459 OS X Lion Server 内含一组应用软件，可将任意一台Mac 变成功能强大的服务器。Mac OS是一套运行于苹果的Macintosh系列电脑上的操作系统。 Apple Mac OS X 10.7.3之前版本中的QuickTime在实现上存在单字节溢出，可允许远程攻击者通过特制视频文件中的rdrf元素执行任意代码或造成拒绝服务。 0 Apple MacOS X 10.x Apple MacOS X Server 10.7.x Apple QuickTime Player 7.x 厂商补丁： Apple ----- Apple已经为此发布了一个安全公告（APPLE-SA-2012-05-09-1）以及相应补丁: APPLE-SA-2012-05-09-1：OS X Lion v10.7.4 and Security Update 2012-002
id	SSV:60130
last seen	2017-11-19
modified	2012-05-17
published	2012-05-17
reporter	Root
title	Apple Mac OS X远程代码执行漏洞(CVE-2011-3459)

bulletinFamily	exploit
description	Bugtraq ID: 51811 CVE ID：CVE-2011-3459 Apple Mac OS X是苹果公司发布的操作系统处理QuickTime电影文件中的rdrf atoms时存在一个单字节缓冲区溢出错误，攻击者可以构建特制电影文件，诱使用户解析，使应用程序崩溃或执行任意代码 0 Apple Mac Os X Server 10.7.2 Apple Mac Os X Server 10.7.1 Apple Mac Os X Server 10.7 Apple Mac Os X Server 10.6.8 Apple Mac OS X 10.6.4 Apple Mac OS X 10.6.3 Apple Mac OS X 10.6.2 Apple Mac OS X 10.6.1 Apple Mac Os X 10.7.2 Apple Mac Os X 10.7.1 厂商解决方案 Apple Mac Os X Server 10.7.3和Apple Mac Os X 10.7.3已经修复此漏洞，建议用户下载使用： http://www.apple.com/macosx/
id	SSV:30086
last seen	2017-11-19
modified	2012-02-06
published	2012-02-06
reporter	Root
title	Apple Mac OS X (rdrf atoms)远程代码执行漏洞(CVE-2011-3459)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Seebug

References