Vulnerabilities > CVE-2014-1252 - Double Free vulnerability in Apple Iphone OS, mac OS X and Pages
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_PAGES_5_1.NASL description According to its self-reported version number, the Apple Pages install on the remote Mac OS X host reportedly has a double-free issue in its handling of Microsoft Word documents that could lead to unexpected program termination or arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 72281 published 2014-02-04 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72281 title Apple Pages < 2.1 / 5.1 Microsoft Word Document Handling Double Free Arbitrary Code Execution code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(72281); script_version("1.3"); script_cvs_date("Date: 2019/11/26"); script_cve_id("CVE-2014-1252"); script_bugtraq_id(65113); script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-01-23-1"); script_name(english:"Apple Pages < 2.1 / 5.1 Microsoft Word Document Handling Double Free Arbitrary Code Execution"); script_summary(english:"Check the version of Pages"); script_set_attribute(attribute:"synopsis", value: "An application on the remote host could allow arbitrary code execution."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the Apple Pages install on the remote Mac OS X host reportedly has a double-free issue in its handling of Microsoft Word documents that could lead to unexpected program termination or arbitrary code execution."); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT6117"); script_set_attribute(attribute:"solution", value: "Upgrade to Apple Pages 2.1 / 5.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1252"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/23"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/04"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:pages"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_pages_installed.nbin"); script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Pages/Installed"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/MacOSX/Version")) audit(AUDIT_OS_NOT, "Mac OS X"); get_kb_item_or_exit("MacOSX/Pages/Installed"); list = get_kb_list_or_exit("MacOSX/Pages/*/Version", exit_code:1); item = branch(keys(list)); path = item - 'MacOSX/Pages' - '/Version'; version = get_kb_item_or_exit(item, exit_code:1); if ( version =~ "^1\." || (version =~ "^2\." && ver_compare(ver:version, fix:"2.1", strict:FALSE) == -1) || version =~ "^[34]\." || (version =~ "^5\." && ver_compare(ver:version, fix:"5.1", strict:FALSE) == -1) ) { if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : 2.1 / 5.1' + '\n'; security_hole(port:0, extra:report); } else security_hole(0); } else audit(AUDIT_INST_PATH_NOT_VULN, "Apple Pages", version, path);NASL family MacOS X Local Security Checks NASL id MACOSX_10_9_2.NASL description The remote host is running a version of Mac OS X 10.9.x that is prior to 10.9.2. This update contains several security-related fixes for the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - CoreText - curl - Data Security - Date and Time - File Bookmark - Finder - ImageIO - NVIDIA Drivers - PHP - QuickLook - QuickTime Note that successful exploitation of the most serious issues could result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 72687 published 2014-02-25 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72687 title Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2014-001.NASL description The remote host is running a version of Mac OS X 10.7 or 10.8 that does not have Security Update 2014-001 applied. This update contains several security-related fixes for the following components : - Apache - App Sandbox - ATS - Certificate Trust Policy - CFNetwork Cookies - CoreAnimation - Date and Time - File Bookmark - ImageIO - IOSerialFamily - LaunchServices - NVIDIA Drivers - PHP - QuickLook - QuickTime - Secure Transport Note that successful exploitation of the most serious issues could result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 72688 published 2014-02-25 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72688 title Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST)
References
- http://osvdb.org/102460
- http://secunia.com/advisories/56615
- http://secunia.com/advisories/56630
- http://support.apple.com/kb/HT6117
- http://support.apple.com/kb/HT6150
- http://support.apple.com/kb/HT6162
- http://www.securityfocus.com/bid/65113
- http://www.securitytracker.com/id/1029683
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90672