Lucene search
HistoryFeb 02, 2012 - 6:55 p.m.
CVE-2011-3446
cve-2011-3446
apple
mac os x
ats
memory management
data-font
remote attackers
arbitrary code
denial of service
font book
7.6 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
73.8%
Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book.
References
Related
seebug
seebug
cert
cert
Apple Mac OS X ATS data-font memory corruption vulnerability
2012-02-02 00:00:00
prion
prion
Code injection
2012-02-02 18:55:00
cisa
cisa
Apple Releases Multiple Security Updates
2012-02-02 00:00:00
nessus
nessus
Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST)
2012-02-02 00:00:00
Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)
2012-02-02 00:00:00
7.6 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
73.8%
Related for CVE-2011-3446