Lucene search
RootSSV:20500HistoryApr 24, 2011 - 12:00 a.m.
Apple Mobile Safari for iOS 4.2.1远程代码执行漏洞
2011-04-2400:00:00
Root
www.seebug.org
14
EPSS
0.25
Percentile
96.7%
BUGTRAQ ID: 46832
CVE ID: CVE-2011-1417
Safari是苹果计算机的最新作业系统Mac OS X中的浏览器,使用了KDE的KHTML作为浏览器的运算核心。
Apple Mobile Safari for iOS 4.2.1在实现上存在远程代码执行漏洞,远程攻击者可利用这些漏洞在浏览器中执行任意代码或造成拒绝服务攻击。
此漏洞源于对解析office文件的支持中。在处理OfficeArtMetafileHeader时,进程信任了cbSize字段,并在分配前对其执行了算法。结果没有检查溢出,后续分配就过小。稍后复制到此缓冲区时,内存可能会崩溃导致任意代码执行。
Apple MacOS X Server 10.x
Apple iOS
厂商补丁:
Apple
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
cvelist
cvelist
CVE-2011-1417
2011-03-11 17:00:00
seebug
seebug
Apple Safari OfficeArtBlip解析远程代码执行漏洞
2011-03-29 00:00:00
Apple iWork Numbers/Pages多个漏洞(CVE-2011-1417)
2011-07-28 00:00:00
cve
cve
CVE-2011-1417
2011-03-11 17:55:03
nvd
nvd
CVE-2011-1417
2011-03-11 17:55:03
zdi
zdi
securityvulns
securityvulns
ZDI-11-109: (Pwn2Own) Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability
2011-03-23 00:00:00
APPLE-SA-2011-10-12-5 Pages for iOS v1.5
2011-10-15 00:00:00
Apple iWork multiple security vulnerabilities
2011-07-26 00:00:00
prion
prion
Integer overflow
2011-03-11 17:55:00
openvas
openvas
Apple Mac OS X iWork 9.1 Update
2011-09-07 00:00:00
Apple Mac OS X iWork 9.1 Update
2011-09-07 00:00:00
Mac OS X v10.6.6 Multiple Vulnerabilities (2011-001)
2011-08-26 00:00:00
nessus
nessus
Mac OS X : iWork 9.x < 9.1 Multiple Vulnerabilities
2011-07-26 00:00:00
Mac OS X Multiple Vulnerabilities (Security Update 2011-001)
2011-03-22 00:00:00
Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities
2011-03-22 00:00:00