ID

VAR-201106-0153


CVE

CVE-2011-0202


TITLE

Apple Mac OS X of CoreGraphics Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2011-001830

DESCRIPTION

Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document. Apple Mac OS X is prone to an integer-overflow vulnerability that occurs in the CoreGraphics component. Successful exploits may allow attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The following versions are affected: Mac OS X 10.5.8 Mac OS X Server 10.5.8 Mac OS X 10.6 through v10.6.7 Mac OS X Server 10.6 through v10.6.7 NOTE: This issue was previously discussed in BID 48412 (Apple Mac OS X Prior to 10.6.8 Multiple Security Vulnerabilities) but has been given its own record to better document it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6 Safari 5.1 and Safari 5.0.6 are now available and address the following: CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: In certain situations, Safari may treat a file as HTML, even if it is served with the 'text/plain' content type. This may lead to a cross-site scripting attack on sites that allow untrusted users to post text files. This issue is addressed through improved handling of 'text/plain' content. CVE-ID CVE-2010-1420 : Hidetake Jo working with Microsoft Vulnerability Research (MSVR), Neal Poole of Matasano Security CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: Authenticating to a maliciously crafted website may lead to arbitrary code execution Description: The NTLM authentication protocol is susceptible to a replay attack referred to as credential reflection. Authenticating to a maliciously crafted website may lead to arbitrary code execution. To mitigate this issue, Safari has been updated to utilize protection mechanisms recently added to Windows. CVE-ID CVE-2010-1383 : Takehiro Takahashi of IBM X-Force Research CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: A root certificate that is disabled may still be trusted Description: CFNetwork did not properly validate that a certificate was trusted for use by a SSL server. As a result, if the user had marked a system root certificate as not trusted, Safari would still accept certificates signed by that root. This issue is addressed through improved certificate validation. CVE-ID CVE-2011-0214 : An anonymous reporter ColorSync Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day Initiative CoreFoundation Available for: Windows 7, Vista, XP SP2 or later Impact: Applications that use the CoreFoundation framework may be vulnerable to an unexpected application termination or arbitrary code execution Description: An off-by-one buffer overflow issue existed in the handling of CFStrings. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. CVE-ID CVE-2011-0202 : Cristian Draghici of Modulo Consulting, Felix Grobert of the Google Security Team International Components for Unicode Available for: Windows 7, Vista, XP SP2 or later Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A buffer overflow issue existed in ICU's handling of uppercase strings. CVE-ID CVE-2011-0206 : David Bienvenu of Mozilla ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0204 : Dominic Chell of NGS Secure ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A reentrancy issue existed in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0215 : Juan Pablo Lopez Yacubian working with iDefense VCP ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0204 : Dominic Chell of NGS Secure libxslt Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap Description: libxslt's implementation of the generate-id() XPath function disclosed the address of a heap buffer. Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap. This issue is addressed by generating an ID based on the difference between the addresses of two heap buffers. CVE-ID CVE-2011-0195 : Chris Evans of the Google Chrome Security Team libxml Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A one-byte heap buffer overflow existed in libxml's handling of XML data. CVE-ID CVE-2011-0216 : Billy Rios of the Google Security Team Safari Available for: Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: If the "AutoFill web forms" feature is enabled, visiting a maliciously crafted website and typing may lead to the disclosure of information from the user's Address Book Description: Safari's "AutoFill web forms" feature filled in non- visible form fields, and the information was accessible by scripts on the site before the user submitted the form. This issue is addressed by displaying all fields that will be filled, and requiring the user's consent before AutoFill information is available to the form. This applies when Java is enabled in Safari, and Java is configured to run within the browser process. Fonts loaded by a Java applet could affect the display of text content from other sites. This issue is addressed by running Java applets in a separate process. CVE-ID CVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability Research (MSVR), wushi of team509, and Yong Li of Research In Motion Ltd CVE-2011-0164 : Apple CVE-2011-0218 : SkyLined of Google Chrome Security Team CVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS Research Team, and Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative CVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-0234 : Rob King working with TippingPoint's Zero Day Initiative, wushi of team509 working with TippingPoint's Zero Day Initiative, wushi of team509 working with iDefense VCP CVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0237 : wushi of team509 working with iDefense VCP CVE-2011-0238 : Adam Barth of Google Chrome Security Team CVE-2011-0240 : wushi of team509 working with iDefense VCP CVE-2011-0253 : Richard Keen CVE-2011-0254 : An anonymous researcher working with TippingPoint's Zero Day Initiative CVE-2011-0255 : An anonymous researcher working with TippingPoint's Zero Day Initiative CVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc CVE-2011-0983 : Martin Barbella CVE-2011-1109 : Sergey Glazunov CVE-2011-1114 : Martin Barbella CVE-2011-1115 : Martin Barbella CVE-2011-1117 : wushi of team509 CVE-2011-1121 : miaubiz CVE-2011-1188 : Martin Barbella CVE-2011-1203 : Sergey Glazunov CVE-2011-1204 : Sergey Glazunov CVE-2011-1288 : Andreas Kling of Nokia CVE-2011-1293 : Sergey Glazunov CVE-2011-1296 : Sergey Glazunov CVE-2011-1449 : Marek Majkowski, wushi of team 509 working with iDefense VCP CVE-2011-1451 : Sergey Glazunov CVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-1457 : John Knottenbelt of Google CVE-2011-1462 : wushi of team509 CVE-2011-1797 : wushi of team509 WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A configuration issue existed in WebKit's use of libxslt. Visiting a maliciously crafted website may lead to arbitrary files being created with the privileges of the user, which may lead to arbitrary code execution. This issue is addressed through improved libxslt security settings. Visiting a maliciously crafted website may lead to an information disclosure. Visiting a maliciously crafted website may lead to a cross-site scripting attack. This issue is addressed through improved handling of URLs with an embedded username. Visiting a maliciously crafted website may lead to a cross- site scripting attack. A maliciously crafted website may have been able to cause a different URL to be shown in the address bar. Subscribing to a maliciously crafted RSS feed and clicking on a link within it may lead to arbitrary files being sent from the user's system to a remote server. This update addresses the issue through improved handling of URLs. Applications that use WebKit, such a s mail clients, may connect to an arbitrary DNS server upon processing HTML content. This update addresses the issue by requiring applications to opt in to DNS prefetching. CVE-ID CVE-2010-3829 : Mike Cardwell of Cardwell IT Ltd. Safari 5.1 and Safari 5.0.6 address the same set of security issues. Safari 5.1 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/ Safari 5.0.6 is available via the Apple Software Update application, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Safari for Mac OS X v10.6.8 and later The download file is named: Safari5.1SnowLeopard.dmg Its SHA-1 digest is: 2c3cef8e06c5aa586379b1a5fd5cf7b54e8acc24 Safari for Mac OS X v10.5.8 The download file is named: Safari5.0.6Leopard.dmg Its SHA-1 digest is: ea970375d2116a7b74094a2a7669bebc306b6e6f Safari for Windows 7, Vista or XP The download file is named: SafariSetup.exe Its SHA-1 digest is: d00b791c694b1ecfc22d6a1ec9aa21cc14fd8e36 Safari for Windows 7, Vista or XP from the Microsoft Choice Screen The download file is named: Safari_Setup.exe Its SHA-1 digest is: ccb3bb6b06468a430171d9f62708a1a6d917f45b Safari+QuickTime for Windows 7, Vista or XP The file is named: SafariQuickTimeSetup.exe Its SHA-1 digest is: 1273e0ee742a294d65e4f25a9b3e36f79fb517c9 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJOJI45AAoJEGnF2JsdZQeezHQIALKZms5tzYgYxUSdxmo+DmYw up9gAmEVcltZvCeVS1lUxfjqnRiGRSWyuou8Ynt9PfGQCz9GfLvzlrCHc5rsnKaD MeYY1IH7lQc6aqmV0hwb4nUL5qJntP6G5Ai0E/0UiRQNC/ummS+qnmdsiFo78ODY nKaB5cAWhqGHgOAPnUG0JwmxpYgR2HEtGYJSqlYykMwt1vnlAr5hHVNaUJcJ3Hlb vesN6fB7zQMiJVo8+iJBixCvIYlbII5HnVAmD1ToyKgENg4Iguo46YBMVr8DPgF/ KD2s0+VF/O4utYVX0GiRGReVyq1PMvz/HI23ym8U3LjbezXD/AALQET0Q2hUEYQ= =fOfF -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Frost & Sullivan 2011 Report: Secunia Vulnerability Research \"Frost & Sullivan believes that Secunia continues to be a major player in the vulnerability research market due to its diversity of products that provide best-in-class coverage, quality, and usability.\" This is just one of the key factors that influenced Frost & Sullivan to select Secunia over other companies. Read the report here: http://secunia.com/products/corporate/vim/fs_request_2011/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45054 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45054/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45054 RELEASE DATE: 2011-06-25 DISCUSS ADVISORY: http://secunia.com/advisories/45054/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45054/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45054 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) An error within AirPort when handling Wi-Fi frames can be exploited to trigger an out-of-bounds memory access and cause a system reset. 2) An error within App Store may lead to a user's AppleID password being logged to a local file. 4) An error within Certificate Trust Policy when handling an Extended Validation (EV) certificate with no OCSP URL can be exploited to disclose certain sensitive information via Man-in-the-Middle (MitM) attacks. 7) An integer overflow error in CoreGraphics when handling PDF files containing Type 1 fonts can be exploited to cause a buffer overflow via a specially crafted PDF file. 8) A path validation error within xftpd can be exploited to perform a recursive directory listing and disclose the list of otherwise restricted files. 9) An error in ImageIO within the handling of TIFF files can be exploited to cause a heap-based buffer overflow. 10) An error in ImageIO within the handling of JPEG2000 files can be exploited to cause a heap-based buffer overflow. 11) An error within ICU (International Components for Unicode) when handling certain uppercase strings can be exploited to cause a buffer overflow. 12) A NULL pointer dereference error within the kernel when handling IPV6 socket options can be exploited to cause a system reset. 13) An error within Libsystem when using the glob(3) API can be exploited to cause a high CPU consumption. 14) An error within libxslt can be exploited to disclose certain addresses from the heap. For more information see vulnerability #2 in: SA43832 15) An error exists within MobileMe when determining a user's email aliases. This can be exploited to disclose a user's MobileMe email aliases via Man-in-the-Middle (MitM) attacks. 16) Some vulnerabilities are caused due to a vulnerable bundled version of MySQL. For more information: SA41048 SA41716 17) Some vulnerabilities are caused due to a vulnerable bundled version of OpenSSL. For more information: SA37291 SA38807 SA42243 SA42473 SA43227 18) A vulnerability is caused due to a vulnerable bundled version of GNU patch. For more information: SA43677 19) An unspecified error in QuickLook within the processing of Microsoft Office files can be exploited to corrupt memory, which may allow execution of arbitrary code. 20) An integer overflow error in QuickTime when handling RIFF WAV files can be exploited to execute arbitrary code. 21) An error within QuickTime when processing sample tables in QuickTime movie files can be exploited to corrupt memory, which may allow execution of arbitrary code. 22) An integer overflow error in QuickTime when handling certain movie files can be exploited to execute arbitrary code. 23) An error in QuickTime when handling PICT image files can be exploited to cause a buffer overflow and execute arbitrary code. 24) An error in QuickTime when handling JPEG image files can be exploited to cause a buffer overflow and execute arbitrary code. 25) Some vulnerabilities are caused due to a vulnerable bundled version of Samba. For more information: SA41354 SA43512 26) An error in servermgrd when handling XML-RPC requests can be exploited to disclose arbitrary files from the local resources. 27) A vulnerability is caused due to a vulnerable bundled version of subversion. For more information: SA43603 SOLUTION: Update to version 10.6.8 or apply Security Update 2011-004. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2) Paul Nelson 3) Marc Schoenefeld, Red Hat Security Response Team and Harry Sintonen 4) Chris Hawk and Wan-Teh Chang, Google 5) binaryproof via ZDI 6) Harry Sintonen 7) Cristian Draghici, Modulo Consulting and Felix Grobert, Google Security Team 8) team karlkani 9) Dominic Chell, NGS Secure 10) Harry Sintonen 11) David Bienvenu, Mozilla 12) Thomas Clement, Intego 13) Maksymilian Arciemowicz 14) Chris Evans, Google Chrome Security Team 15) Aaron Sigel, vtty.com 19)Tobias Klein via iDefense 20, 22) Luigi Auriemma via ZDI 21) Honggang Ren, Fortinet's FortiGuard Labs 23) Subreption LLC via ZDI 24) Luigi Auriemma via iDefense 1, 26) Reported by the vendor ORIGINAL ADVISORY: Apple Security Update 2011-004: http://support.apple.com/kb/HT4723 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.16

sources: NVD: CVE-2011-0202 // JVNDB: JVNDB-2011-001830 // BID: 48427 // VULHUB: VHN-48147 // PACKETSTORM: 103216 // PACKETSTORM: 102569

AFFECTED PRODUCTS

vendor:applemodel:mac os x serverscope:eqversion:10.6.7

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.3

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.5

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.6

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.7

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6 to v10.6.7

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6 to v10.6.7

Trust: 0.8

vendor:applemodel:safariscope:eqversion:5

Trust: 0.8

vendor:applemodel:safari for windowsscope:eqversion:4.1.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:4.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:safariscope:neversion:5.0.6

Trust: 0.3

vendor:applemodel:safari for windowsscope:neversion:5.1

Trust: 0.3

vendor:applemodel:safariscope:neversion:5.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:neversion:5.0.6

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.8

Trust: 0.3

sources: BID: 48427 // JVNDB: JVNDB-2011-001830 // CNNVD: CNNVD-201106-307 // NVD: CVE-2011-0202

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-0202
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-0202
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201106-307
value: MEDIUM

Trust: 0.6

VULHUB: VHN-48147
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-0202
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-48147
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-48147 // JVNDB: JVNDB-2011-001830 // CNNVD: CNNVD-201106-307 // NVD: CVE-2011-0202

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-48147 // JVNDB: JVNDB-2011-001830 // NVD: CVE-2011-0202

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201106-307

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201106-307

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-001830

PATCH

title:HT4723url:http://support.apple.com/kb/HT4723

Trust: 0.8

title:HT4808url:http://support.apple.com/kb/HT4808

Trust: 0.8

sources: JVNDB: JVNDB-2011-001830

EXTERNAL IDS

db:NVDid:CVE-2011-0202

Trust: 2.9

db:JVNDBid:JVNDB-2011-001830

Trust: 0.8

db:CNNVDid:CNNVD-201106-307

Trust: 0.7

db:SECUNIAid:45054

Trust: 0.7

db:APPLEid:APPLE-SA-2011-06-23-1

Trust: 0.6

db:NSFOCUSid:17108

Trust: 0.6

db:NSFOCUSid:17117

Trust: 0.6

db:BIDid:48427

Trust: 0.4

db:VULHUBid:VHN-48147

Trust: 0.1

db:PACKETSTORMid:103216

Trust: 0.1

db:PACKETSTORMid:102569

Trust: 0.1

sources: VULHUB: VHN-48147 // BID: 48427 // JVNDB: JVNDB-2011-001830 // PACKETSTORM: 103216 // PACKETSTORM: 102569 // CNNVD: CNNVD-201106-307 // NVD: CVE-2011-0202

REFERENCES

url:http://support.apple.com/kb/ht4723

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2011//jun/msg00000.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2011//jul/msg00002.html

Trust: 1.1

url:http://support.apple.com/kb/ht4808

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0202

Trust: 0.8

url:http://jvn.jp/cert/jvnvu976710

Trust: 0.8

url:http://jvn.jp/cert/jvnvu781747

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0202

Trust: 0.8

url:http://secunia.com/advisories/45054

Trust: 0.6

url:http://www.nsfocus.net/vulndb/17117

Trust: 0.6

url:http://www.nsfocus.net/vulndb/17108

Trust: 0.6

url:http://www.apple.com/macosx/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2010-1420

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0206

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0235

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0240

Trust: 0.1

url:http://support.apple.com/kb/ht1222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0237

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0200

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0214

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0238

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0201

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0233

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0219

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0234

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0223

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0202

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:http://www.apple.com/safari/download/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0215

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0217

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0204

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0164

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0216

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-1383

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0225

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3829

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0232

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-1823

Trust: 0.1

url:http://secunia.com/products/corporate/vim/fs_request_2011/

Trust: 0.1

url:http://secunia.com/advisories/45054/

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=45054

Trust: 0.1

url:http://secunia.com/advisories/45054/#comments

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-48147 // BID: 48427 // JVNDB: JVNDB-2011-001830 // PACKETSTORM: 103216 // PACKETSTORM: 102569 // CNNVD: CNNVD-201106-307 // NVD: CVE-2011-0202

CREDITS

Cristian Draghici of Modulo Consulting, Felix Grobert of the Google Security Team

Trust: 0.3

sources: BID: 48427

SOURCES

db:VULHUBid:VHN-48147
db:BIDid:48427
db:JVNDBid:JVNDB-2011-001830
db:PACKETSTORMid:103216
db:PACKETSTORMid:102569
db:CNNVDid:CNNVD-201106-307
db:NVDid:CVE-2011-0202

LAST UPDATE DATE

2024-11-23T21:07:48.664000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-48147date:2011-07-23T00:00:00
db:BIDid:48427date:2015-03-19T09:44:00
db:JVNDBid:JVNDB-2011-001830date:2011-08-01T00:00:00
db:CNNVDid:CNNVD-201106-307date:2011-06-28T00:00:00
db:NVDid:CVE-2011-0202date:2024-11-21T01:23:32.077

SOURCES RELEASE DATE

db:VULHUBid:VHN-48147date:2011-06-24T00:00:00
db:BIDid:48427date:2011-06-23T00:00:00
db:JVNDBid:JVNDB-2011-001830date:2011-07-06T00:00:00
db:PACKETSTORMid:103216date:2011-07-21T14:16:35
db:PACKETSTORMid:102569date:2011-06-24T11:18:16
db:CNNVDid:CNNVD-201106-307date:2011-06-27T00:00:00
db:NVDid:CVE-2011-0202date:2011-06-24T20:55:02.247