Vulnerabilities > CVE-2014-1261 - Numeric Errors vulnerability in Apple mac OS X

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

apple

CWE-189

nessus

NVD

Published: 2014-02-27

Updated: 2014-02-27

Summary

Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font.

Vulnerable Configurations

Part	Description	Count
OS	Apple Apple MAC OS X 10.9 Apple MAC OS X - Apple MAC OS X 10.0 Apple MAC OS X 10.0.0 Apple MAC OS X 10.0.1 Apple MAC OS X 10.0.2 Apple MAC OS X 10.0.3 Apple MAC OS X 10.0.4 Apple MAC OS X 10.1 Apple MAC OS X 10.1.0 Apple MAC OS X 10.1.1 Apple MAC OS X 10.1.2 Apple MAC OS X 10.1.3 Apple MAC OS X 10.1.4 Apple MAC OS X 10.1.5 Apple MAC OS X 10.2 Apple MAC OS X 10.2.0 Apple MAC OS X 10.2.1 Apple MAC OS X 10.2.2 Apple MAC OS X 10.2.3 Apple MAC OS X 10.2.4 Apple MAC OS X 10.2.5 Apple MAC OS X 10.2.6 Apple MAC OS X 10.2.7 Apple MAC OS X 10.2.8 Apple MAC OS X 10.3 Apple MAC OS X 10.3.0 Apple MAC OS X 10.3.1 Apple MAC OS X 10.3.2 Apple MAC OS X 10.3.3 Apple MAC OS X 10.3.4 Apple MAC OS X 10.3.5 Apple MAC OS X 10.3.6 Apple MAC OS X 10.3.7 Apple MAC OS X 10.3.8 Apple MAC OS X 10.3.9 Apple MAC OS X 10.4 Apple MAC OS X 10.4.0 Apple MAC OS X 10.4.1 Apple MAC OS X 10.4.2 Apple MAC OS X 10.4.3 Apple MAC OS X 10.4.4 Apple MAC OS X 10.4.5 Apple MAC OS X 10.4.6 Apple MAC OS X 10.4.7 Apple MAC OS X 10.4.8 Apple MAC OS X 10.4.9 Apple MAC OS X 10.4.10 Apple MAC OS X 10.4.11 Apple MAC OS X 10.5 Apple MAC OS X 10.5.0 Apple MAC OS X 10.5.1 Apple MAC OS X 10.5.2 Apple MAC OS X 10.5.3 Apple MAC OS X 10.5.4 Apple MAC OS X 10.5.5 Apple MAC OS X 10.5.6 Apple MAC OS X 10.5.7 Apple MAC OS X 10.5.8 Apple MAC OS X 10.6.0 Apple MAC OS X 10.6.1 Apple MAC OS X 10.6.2 Apple MAC OS X 10.6.3 Apple MAC OS X 10.6.4 Apple MAC OS X 10.6.5 Apple MAC OS X 10.6.6 Apple MAC OS X 10.6.7 Apple MAC OS X 10.6.8 Apple MAC OS X 10.7.0 Apple MAC OS X 10.7.1 Apple MAC OS X 10.7.2 Apple MAC OS X 10.7.3 Apple MAC OS X 10.7.4 Apple MAC OS X 10.7.5 Apple MAC OS X 10.8.0 Apple MAC OS X 10.8.1 Apple MAC OS X 10.8.2 Apple MAC OS X 10.8.3 Apple MAC OS X 10.8.4 Apple MAC OS X 10.8.5 Apple MAC OS X 10.9.1	82

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_10_9_2.NASL
description	The remote host is running a version of Mac OS X 10.9.x that is prior to 10.9.2. This update contains several security-related fixes for the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - CoreText - curl - Data Security - Date and Time - File Bookmark - Finder - ImageIO - NVIDIA Drivers - PHP - QuickLook - QuickTime Note that successful exploitation of the most serious issues could result in arbitrary code execution.
last seen	2020-06-01
modified	2020-06-02
plugin id	72687
published	2014-02-25
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/72687
title	Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 65777 CVE(CAN) ID: CVE-2014-1254,CVE-2014-1262,CVE-2014-1255,CVE-2014-1256,CVE-2014-1257,CVE-2014-1258,CVE-2014-1261,CVE-2014-1263,CVE-2014-1265,CVE-2014-1259,CVE-2014-1264,CVE-2014-1260,CVE-2014-1246,CVE-2014-1247,CVE-2014-1248,CVE-2014-1249,CVE-2014-1250,CVE-2014-1245 OS X（前称Mac OS X）是苹果公司为麦金塔电脑开发的专属操作系统的最新版本。 OS X 10.9.2之前版本在实现上存在多个漏洞，这些漏洞影响ATS, CFNetwork Cookies, CoreAnimation, CoreText, Date and Time, curl, QuickTime, QuickLook, Finder, File Bookmark组件，攻击者可利用这些漏洞执行任意代码、获取未授权访问权限、绕过安全限制、执行其他攻击等。 0 Apple Mac OS X < 10.9.2 厂商补丁： Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.apple.com/support/downloads/
id	SSV:61574
last seen	2017-11-19
modified	2014-02-26
published	2014-02-26
reporter	Root
title	Apple Mac OS X多个安全漏洞(APPLE-SA-2014-02-25-1)

References

http://support.apple.com/kb/HT6150