ID CVE-2011-0201
Summary Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that triggers a buffer overflow.
References
Vulnerable Configurations
  • Apple Mac OS X 10.6.3
    cpe:2.3:o:apple:mac_os_x:10.6.3
  • Apple Mac OS X 10.6.0
    cpe:2.3:o:apple:mac_os_x:10.6.0
  • Apple Mac OS X 10.6.4
    cpe:2.3:o:apple:mac_os_x:10.6.4
  • Apple Mac OS X 10.6.2
    cpe:2.3:o:apple:mac_os_x:10.6.2
  • Apple Mac OS X 10.6.5
    cpe:2.3:o:apple:mac_os_x:10.6.5
  • Apple Mac OS X 10.6.1
    cpe:2.3:o:apple:mac_os_x:10.6.1
  • Apple Mac OS X 10.6.6
    cpe:2.3:o:apple:mac_os_x:10.6.6
  • Apple Mac OS X 10.6.7
    cpe:2.3:o:apple:mac_os_x:10.6.7
  • Apple Mac OS X Server 10.6.4
    cpe:2.3:o:apple:mac_os_x_server:10.6.4
  • Apple Mac OS X Server 10.6.2
    cpe:2.3:o:apple:mac_os_x_server:10.6.2
  • Apple Mac OS X Server 10.6.3
    cpe:2.3:o:apple:mac_os_x_server:10.6.3
  • Apple Mac OS X Server 10.6.0
    cpe:2.3:o:apple:mac_os_x_server:10.6.0
  • Apple Mac OS X Server 10.6.5
    cpe:2.3:o:apple:mac_os_x_server:10.6.5
  • Apple Mac OS X Server 10.6.1
    cpe:2.3:o:apple:mac_os_x_server:10.6.1
  • Apple Mac OS X Server 10.6.6
    cpe:2.3:o:apple:mac_os_x_server:10.6.6
  • Apple Mac OS X Server 10.6.7
    cpe:2.3:o:apple:mac_os_x_server:10.6.7
CVSS
Base: 7.5 (as of 27-06-2011 - 09:25)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family Windows
    NASL id SAFARI_5_1.NASL
    description The version of Safari installed on the remote Windows host is earlier than 5.1. As such, it is potentially affected by numerous issues in the following components: CFNetwork, ColorSync, CoreFoundation, CoreGraphics, International Components for Unicode, ImageIO, libxslt, libxml, Safari, WebKit
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 55639
    published 2011-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55639
    title Safari < 5.1 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_6_8.NASL
    description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.8. This update contains security-related fixes for the following components: App Store, ATS, Certificate Trust Policy, CoreFoundation, CoreGraphics, FTP Server, ImageIO, International Components for Unicode, Kernel, Libsystem, libxslt, MobileMe, MySQL, OpenSSL, patch, QuickLook, QuickTime, Samba, servermgrd, subversion
    last seen 2019-02-21
    modified 2018-08-22
    plugin id 55416
    published 2011-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55416
    title Mac OS X 10.6.x < 10.6.8 Multiple Vulnerabilities
refmap via4
apple
  • APPLE-SA-2011-06-23-1
  • APPLE-SA-2011-07-20-1
confirm
Last major update 22-07-2011 - 22:39
Published 24-06-2011 - 16:55