ID CVE-2011-0200
Summary Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • Apple Mac OS X 10.6.3
    cpe:2.3:o:apple:mac_os_x:10.6.3
  • Apple Mac OS X 10.6.0
    cpe:2.3:o:apple:mac_os_x:10.6.0
  • Apple Mac OS X 10.6.4
    cpe:2.3:o:apple:mac_os_x:10.6.4
  • Apple Mac OS X 10.6.2
    cpe:2.3:o:apple:mac_os_x:10.6.2
  • Apple Mac OS X 10.6.5
    cpe:2.3:o:apple:mac_os_x:10.6.5
  • Apple Mac OS X 10.6.1
    cpe:2.3:o:apple:mac_os_x:10.6.1
  • Apple Mac OS X 10.6.6
    cpe:2.3:o:apple:mac_os_x:10.6.6
  • Apple Mac OS X 10.6.7
    cpe:2.3:o:apple:mac_os_x:10.6.7
  • Apple Mac OS X Server 10.6.2
    cpe:2.3:o:apple:mac_os_x_server:10.6.2
  • Apple Mac OS X Server 10.6.4
    cpe:2.3:o:apple:mac_os_x_server:10.6.4
  • Apple Mac OS X Server 10.6.3
    cpe:2.3:o:apple:mac_os_x_server:10.6.3
  • Apple Mac OS X Server 10.6.0
    cpe:2.3:o:apple:mac_os_x_server:10.6.0
  • Apple Mac OS X Server 10.6.5
    cpe:2.3:o:apple:mac_os_x_server:10.6.5
  • Apple Mac OS X Server 10.6.1
    cpe:2.3:o:apple:mac_os_x_server:10.6.1
  • Apple Mac OS X Server 10.6.6
    cpe:2.3:o:apple:mac_os_x_server:10.6.6
  • Apple Mac OS X Server 10.6.7
    cpe:2.3:o:apple:mac_os_x_server:10.6.7
CVSS
Base: 6.8 (as of 27-06-2011 - 09:21)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Windows
    NASL id SAFARI_5_1.NASL
    description The version of Safari installed on the remote Windows host is earlier than 5.1. As such, it is potentially affected by numerous issues in the following components : - CFNetwork - ColorSync - CoreFoundation - CoreGraphics - International Components for Unicode - ImageIO - libxslt - libxml - Safari - WebKit
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 55639
    published 2011-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55639
    title Safari < 5.1 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2011-004.NASL
    description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2011-004 applied. This update contains security- related fixes for the following components : - AirPort - App Store - ColorSync - CoreGraphics - ImageIO - Libsystem - libxslt - MySQL - patch - Samba - servermgrd - subversion
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 55415
    published 2011-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55415
    title Mac OS X Multiple Vulnerabilities (Security Update 2011-004)
  • NASL family Peer-To-Peer File Sharing
    NASL id ITUNES_10_5_BANNER.NASL
    description The version of Apple iTunes on the remote host is prior to version 10.5. It is, therefore, affected by multiple vulnerabilities in the CoreAudio, CoreFoundation, CoreMedia, ColorSync, ImageIO, and WebKit components. Note that these only affect iTunes for Windows.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 56470
    published 2011-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56470
    title Apple iTunes < 10.5 Multiple Vulnerabilities (uncredentialed check)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2012-001.NASL
    description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-001 applied. This update contains multiple security-related fixes for the following components : - Apache - ATS - ColorSync - CoreAudio - CoreMedia - CoreText - curl - Data Security - dovecot - filecmds - libresolv - libsecurity - OpenGL - PHP - QuickTime - SquirrelMail - Subversion - Tomcat - X11
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 57798
    published 2012-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57798
    title Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST)
  • NASL family Windows
    NASL id ITUNES_10_5.NASL
    description The version of Apple iTunes installed on the remote Windows host is older than 10.5. Thus, it is reportedly affected by numerous issues in the following components : - CoreFoundation - ColorSync - CoreAudio - CoreMedia - ImageIO - WebKit
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 56469
    published 2011-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56469
    title Apple iTunes < 10.5 Multiple Vulnerabilities (credentialed check)
refmap via4
apple
  • APPLE-SA-2011-06-23-1
  • APPLE-SA-2011-07-20-1
  • APPLE-SA-2011-10-11-1
  • APPLE-SA-2012-02-01-1
confirm
Last major update 03-02-2012 - 22:56
Published 24-06-2011 - 16:55
Back to Top