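Apple Mobile Safari for iOS 4.2.1 Remote Code Execution Vulnerability
BUGTRAQ ID: 46832 CVE ID: CVE-2011-1417 Safari is the browser in Mac OS X, Apple Computer's latest operating system, and uses KDE's KHTML as the browser's core engine. Apple Mobile Safari for iOS 4.2.1 contains a remote code execution vulnerability in its implementation; remote attackers can exploit it to execute arbitrary code in the browser or cause a denial of service. The vulnerability lies in the support for parsing Office files. When handling an OfficeArtMetafileHeader, the process trusts the cbSize field and performs arithmetic on it before allocation. The result is not checked for overflow, so the subsequent allocation is too small. When data is later copied into this buffer, memory can be corrupted, leading to arbitrary code exec...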
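Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability
CVE ID: CVE-2011-1417 Safari is the browser in Mac OS X, Apple Computer's latest operating system, and uses KDE's KHTML as the browser's core engine. Apple Safari contains an OfficeArtBlip parsing remote code execution vulnerability in its implementation; remote attackers can exploit it to execute arbitrary code in the affected application. The vulnerability lies in the support for parsing Office files. When handling an OfficeArtMetafileHeader, the process trusts the cbSize field and performs arithmetic on it before allocation. Because the result is not checked for overflow, the subsequent allocation is too small. When data is copied into this buffer, memory can be corrupted, leading to arbitrary code execution with the privileges of the current user. Apple Safari vendor patch:...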
ZDI-11-109: (Pwn2Own) Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability
ZDI-11-109: Pwn2Own Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-109 March 22, 2011 -- CVE ID: CVE-2011-1417 -- CVSS: 9.7, AV:N/AC:L/Au:N/C:C/I:C/A:P -- Affected Vendors: Apple -- Affected Products: Apple Safari --...
Mac OS X Multiple Vulnerabilities (Security Update 2011-001)
The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2011-001 applied. This security update contains fixes for the following products : - Apache - bzip2 - ClamAV - ImageIO - Kerberos - Libinfo - libxml - Mailman - PHP - QuickLook - Ruby - X11 C Tenable Network...
CVE-2011-1417
CVE-2011-1417 is an integer overflow in QuickLook as used by macOS and iOS when handling Microsoft Word/OfficeArtMetafileHeader data, enabling remote code execution or memory corruption with crafted Office documents and potentially causing application crashes. The vulnerability was demonstrated i...