iDefense Security Advisory 10.12.11: Apple Mobile OfficeImport Framework Word Document Parsing Memory Corruption Vulnerability

iDefense Security Advisory 10.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 12, 2011 I. BACKGROUND The OfficeImport framework is an API used by Apple's mobile devices, including the iPod Touch, iPhone, and iPad. The framework is used to parse and display Microsoft Office file...

CVE-2011-3260

CVE-2011-3260 describes a memory corruption/buffer overflow vulnerability in Apple’s OfficeImport framework used by iOS, triggered when parsing Microsoft Word documents. The issue allowed remote code execution or a denial of service (application crash) on iOS versions before 5. The iDefense/iOS b...

Apple Mobile OfficeImport Framework Word文档解析内存破坏漏洞

CVE ID: CVE-2011-3260 OfficeImport组件是Apple移动设备使用的API，用于解析和显示Office文档格式。 Apple公司的OfficeImport组件在解析畸形Office文档时存在内存破坏漏洞，可使攻击者以当前用户权限执行任意代码。 在解析具有恶意构建记录的Word文件时，记录中的特定值可触发内存破坏漏洞，文件中的值被用作函数指针。 Apple iOS 5 厂商补丁： Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://support.apple.com/...