Lucene search
RootSSV:20414HistoryMar 29, 2011 - 12:00 a.m.
Apple Safari OfficeArtBlip解析远程代码执行漏洞
2011-03-2900:00:00
Root
www.seebug.org
20
0.201 Low
EPSS
Percentile
95.8%
CVE ID: CVE-2011-1417
Safari是苹果计算机的最新作业系统Mac OS X中的浏览器,使用了KDE的KHTML作为浏览器的运算核心。
Apple Safari在实现上存在OfficeArtBlip解析远程代码执行漏洞,远程攻击者可利用此漏洞在受影响应用程序中执行任意代码。
此漏洞源于对Office文件解析的支持。在处理OfficeArtMetafileHeader时,进程信任cbSize字段并在分配前对其执行运算工作。由于没有检查结果的溢出性,后续分配会不足。在复制到此缓冲区时,内存可被破坏导致以当前用户权限执行任意代码。
Apple Safari
厂商补丁:
Apple
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
seebug
seebug
Apple Mobile Safari for iOS 4.2.1远程代码执行漏洞
2011-04-24 00:00:00
Apple iWork Numbers/Pages多个漏洞(CVE-2011-1417)
2011-07-28 00:00:00
cvelist
cvelist
CVE-2011-1417
2011-03-11 17:00:00
zdi
zdi
cve
cve
CVE-2011-1417
2011-03-11 17:55:00
securityvulns
securityvulns
APPLE-SA-2011-10-12-5 Pages for iOS v1.5
2011-10-15 00:00:00
ZDI-11-109: (Pwn2Own) Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability
2011-03-23 00:00:00
APPLE-SA-2011-07-20-2 iWork 9.1 Update
2011-07-26 00:00:00
prion
prion
Integer overflow
2011-03-11 17:55:00
nessus
nessus
Mac OS X : iWork 9.x < 9.1 Multiple Vulnerabilities
2011-07-26 00:00:00
Mac OS X Multiple Vulnerabilities (Security Update 2011-001)
2011-03-22 00:00:00
Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities
2011-03-22 00:00:00
openvas
openvas
Apple Mac OS X iWork 9.1 Update
2011-09-07 00:00:00
Apple Mac OS X iWork 9.1 Update
2011-09-07 00:00:00
Mac OS X v10.6.6 Multiple Vulnerabilities (2011-001)
2011-08-26 00:00:00