Computer Security

Apple Mac OS X multiple security vulnerabilities
updated since 07.04.2010
SecurityVulns ID:10746
Threat Level:
Description: Code execution on Internet Enabled Disk Image files. Multiple vulnerabilities in ImageIO,
CVE: CVE-2010-0505 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function.)
 CVE-2010-0497 (Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.)
Original documents:
 ZDI, ZDI-10-076: Apple Preview libFontParser SpecialEncoding Remote Code Execution Vulnerability (19.04.2010)
 ZDI, ZDI-10-039: Apple OS X Internet Enabled Disk Image Remote Code Execution Vulnerability (07.04.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod