5 matches found

seebug.org
added 2011/04/24 12:0 a.m. | 37 views

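Apple Mobile Safari for iOS 4.2.1 Remote Code Execution Vulnerability

BUGTRAQ ID: 46832 CVE ID: CVE-2011-1417 Safari is the browser in Mac OS X, Apple Computer's latest operating system, and uses KDE's KHTML as its browser engine. Apple Mobile Safari for iOS 4.2.1 has remote code execution vulnerabilities in its implementation; a remote attacker can exploit these vulnerabilities to execute arbitrary code in the browser or cause a denial of service. The vulnerability lies in the support for parsing Office files. When processing an OfficeArtMetafileHeader, the process trusts the cbSize field and performs arithmetic on it before allocation. Because the result is not checked for overflow, the subsequent allocation is too small. When data is later copied into this buffer, memory may be corrupted, leading to arbitrary code exec...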

6.8 CVSS | 5.6 AI score | 0.05472 EPSS
Exploits: 3

seebug.org
added 2011/03/29 12:0 a.m. | 42 views

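Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability

CVE ID: CVE-2011-1417 Safari is the browser in Mac OS X, Apple Computer's latest operating system, and uses KDE's KHTML as its browser engine. Apple Safari has an OfficeArtBlip parsing remote code execution vulnerability in its implementation; a remote attacker can exploit this vulnerability to execute arbitrary code in the affected application. The vulnerability lies in the support for parsing Office files. When processing an OfficeArtMetafileHeader, the process trusts the cbSize field and performs arithmetic on it before allocation. Because the result is not checked for overflow, the subsequent allocation is too small. When data is copied into this buffer, memory can be corrupted, leading to arbitrary code execution with the privileges of the current user. Apple Safari vendor patch:...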

6.8 CVSS | 5.6 AI score | 0.05472 EPSS
Exploits: 3

securityvulns
added 2011/03/23 12:0 a.m. | 60 views

ZDI-11-109: (Pwn2Own) Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability

ZDI-11-109: Pwn2Own Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-109 March 22, 2011 -- CVE ID: CVE-2011-1417 -- CVSS: 9.7, AV:N/AC:L/Au:N/C:C/I:C/A:P -- Affected Vendors: Apple -- Affected Products: Apple Safari --...

6.8 CVSS | 0.4 AI score | 0.05472 EPSS
Exploits: 3

Tenable Nessus
added 2011/03/22 12:0 a.m. | 44 views

Mac OS X Multiple Vulnerabilities (Security Update 2011-001)

The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2011-001 applied. This security update contains fixes for the following products : - Apache - bzip2 - ClamAV - ImageIO - Kerberos - Libinfo - libxml - Mailman - PHP - QuickLook - Ruby - X11 C Tenable Network...

9.3 CVSS | 6.2 AI score | 0.2187 EPSS
Exploits: 14 | References: 24

CVE
added 2011/03/11 5:0 p.m. | 70 views

CVE-2011-1417

CVE-2011-1417 is an integer overflow in QuickLook as used by macOS and iOS when handling Microsoft Word/OfficeArtMetafileHeader data, enabling remote code execution or memory corruption with crafted Office documents and potentially causing application crashes. The vulnerability was demonstrated i...

6.8 CVSS | 6.3 AI score | 0.05472 EPSS
Exploits: 3 | References: 11 | Affected Software: 2