SecurityTracker.com
Category:   Application (Generic)  >   Apple Pages
Vendors:   Apple
(Apple Issues Fix for Pages for iOS) Mac OS X Multiple Flaws Let Remote Users Deny Service and Execute Arbitrary Code and Let Local Users Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1026181
SecurityTracker URL:  http://securitytracker.com/id/1026181
CVE Reference:   CVE-2011-1417
Date:  Oct 13 2011
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 1.5
Description:   Multiple vulnerabilities were reported in Mac OS X. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can cause denial of service conditions. A remote user can obtain potentially sensitive information. Apple Pages for iOS is affected by one vulnerability.

A remote user on the Wi-Fi network can send specially crafted data to trigger a divide by zero error and cause the target system to reset [CVE-2011-0172]. Versions prior to 10.6 are not affected.

A remote user can supply specially crafted input to an AppleScript Studio-based application that passes untrusted input to a dialog, triggering a format string flaw in the generic dialog commands ("display dialog" and "display alert") and executing arbitrary code [CVE-2011-0173]. Alexander Strange reported this vulnerability.

A remote user can create a specially crafted document that, when viewed or downloaded by the target user, will trigger a heap overflow in the processing of OpenType fonts and execute arbitrary code on the target system [CVE-2011-0174]. The code will run with the privileges of the target user.

A remote user can create a specially crafted document that, when viewed or downloaded by the target user, will trigger a buffer overflow in the processing of TrueType fonts and execute arbitrary code on the target system [CVE-2011-0175]. The code will run with the privileges of the target user. Christoph Diehl of Mozilla, Felix Grobert of the Google Security Team, Marc Schoenefeld of Red Hat Security Response Team, and Tavis Ormandy and Will Drewry of Google Security Team reported this vulnerability.

A remote user can create a specially crafted document that, when viewed or downloaded by the target user, will trigger a buffer overflow in the processing of Type 1 fonts and execute arbitrary code on the target system [CVE-2011-0176]. The code will run with the privileges of the target user. Felix Grobert of the Google Security Team and geekable (via TippingPoint's Zero Day Initiative) reported this vulnerability.

A remote user can create a specially crafted document that, when viewed or downloaded by the target user, will trigger a buffer overflow in the processing of SFNT tables and execute arbitrary code on the target system [CVE-2011-0177]. The code will run with the privileges of the target user. Marc Schoenefeld of Red Hat Security Response Team reported this vulnerability.

A local user can invoke an application that uses the FSFindFolder() function with the kTemporaryFolderType flag to read information in the requested directory [CVE-2011-0178].

A remote user can create a specially crafted document that, when viewed or downloaded by the target user, will trigger a memory corruption error in the processing of embedded font files and execute arbitrary code on the target system [CVE-2011-0179]. The code will run with the privileges of the target user. Christoph Diehl of Mozilla reported this vulnerability.

A local user can exploit an integer overflow in the F_READBOOTSTRAP ioctl to read arbitrary files from an HFS, HFS+, or HFS+J filesystem [CVE-2011-0180]. Dan Rosenberg of Virtual Security Research reported this vulnerability.

A remote user can create a specially crafted XBM image that, when viewed by the target user, will trigger an integer overflow and execute arbitrary code [CVE-2011-0181]. The code will run with the privileges of the target user. Harry Sintonen reported this vulnerability.

A local user can exploit a privilege checking flaw in the i386_set_ldt() system call's handling of call gates to execute arbitrary code with system privileges [CVE-2011-0182]. Jeff Mears reported this vulnerability.

A remote user can trigger an integer truncation flaw on a target host that exports an NFS file system to cause NFS RPC services (e.g., lockd, statd, mountd, and portmap) to become unresponsive [CVE-2011-0183]. Peter Schwenk of the University of Delaware reported this vulnerability.

A remote user can create a specially crafted Excel file that, when downloaded by the target user, will trigger a memory corruption error in QuickLook and execute arbitrary code [CVE-2011-0184]. The code will run with the privileges of the target user. Systems prior to 10.6 are not affected. Tobias Klein (via Verisign iDefense Labs) reported this vulnerability.

A remote user can create a specially crafted JPEG2000 image file that, when viewed by the target user, will trigger a memory corruption error and execute arbitrary code [CVE-2011-0186]. The code will run with the privileges of the target user. Will Dormann of the CERT/CC reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will exploit a cross-origin error in QuickTime to access video data from a different domain [CVE-2011-0187]. Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR) reported this vulnerability.

When ssh is used in Terminal's "New Remote Connection" dialog, SSH version 1 is selected as the default protocol version [CVE-2011-0189]. Matt Warren of HNW Inc. reported this vulnerability.

A remote user can create specially crafted HTML that, when viewed by the target user, will trigger a URL processing flaw in Install Helper and install an agent that contacts an arbitrary server when the user logs in, such that the user may think the connection is with Apple [CVE-2011-0190]. Aaron Sigel of vtty.com reported this vulnerability.

A remote user can create a specially crafted Canon RAW image file that, when viewed by the target user, will trigger a buffer overflow and execute arbitrary code [CVE-2011-0193]. The code will run with the privileges of the target user. Paul Harrington of NGS Secure reported this vulnerability.

A remote user can create a specially crafted JPEG-encoded TIFF that, when viewed by the target user, will trigger an integer overflow and execute arbitrary code [CVE-2011-0194]. The code will run with the privileges of the target user. Versions prior to 10.6 are not affected. Dominic Chell of NGS Secure reported this vulnerability.

A remote user can create a specially crafted Office file that, when downloaded by the target user, will trigger a memory corruption flaw in QuickLook and execute arbitrary code [CVE-2011-1417]. The code will run with the privileges of the target user. Charlie Miller and Dion Blazakis (via TippingPoint's Zero Day Initiative) reported this vulnerability.

Impact:   A remote user can create a file or image that, when viewed or downloaded by the target user, will execute arbitrary code on the target user's system.

A remote user can cause denial of service conditions.

A local user can obtain potentially sensitive information.

Solution:   Apple has issued a fix for CVE-2011-1417 for Pages for iOS (1.5), available via the App Store.

The Apple advisory is available at:

http://support.apple.com/kb/HT5003

Cause:   Access control error, Boundary error
Underlying OS:  Apple (iOS)

Message History:   This archive entry is a follow-up to the message listed below.
Mar 21 2011 Mac OS X Multiple Flaws Let Remote Users Deny Service and Execute Arbitrary Code and Let Local Users Obtain Potentially Sensitive Information



Copyright 2019, SecurityGlobal.net LLC