SECURITYVULNS:DOC:12362
Apr 21, 2006 - 12:00 a.m.

[SA19686] Mac OS X Multiple Potential Vulnerabilities

TITLE:
Mac OS X Multiple Potential Vulnerabilities

SECUNIA ADVISORY ID:
SA19686

VERIFY ADVISORY:
http://secunia.com/advisories/19686/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
Tom Ferris has reported some potential vulnerabilities in Mac OS X,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a user's system.

1) An error exists in the "BOMStackPop()" function in the
BOMArchiveHelper when decompressing malformed ZIP archives.

2) Some errors exist in the "KWQListIteratorImpl()", "drawText()",
and "objc_msgSend_rtp()" functions in Safari when processing
malformed HTML tags.

3) An error exists in the "ReadBMP()" function when processing
malformed BMP images and can be exploited via e.g. Safari or the
Preview application.

4) An error exists in the "CFAllocatorAllocate()" function when
processing malformed GIF images and can be exploited via e.g. Safari
when a user visits a malicious web site.

5) Two errors exist in the "_cg_TIFFSetField()" and
"PredictorVSetField()" functions when processing malformed TIFF
images and can be exploited via e.g. the Preview, Finder, QuickTime,
or Safari applications.

The vulnerabilities have been reported in version 10.4.6. Other
versions may also be affected.

SOLUTION:
Do not visit untrusted web sites, and do not open ZIP archives or
images originating from untrusted sources.

PROVIDED AND/OR DISCOVERED BY:
Tom Ferris

ORIGINAL ADVISORY:
Tom Ferris:
http://www.security-protocols.com/sp-x25-advisory.php
http://www.security-protocols.com/sp-x26-advisory.php
http://www.security-protocols.com/sp-x27-advisory.php
http://www.security-protocols.com/sp-x28-advisory.php
http://www.security-protocols.com/sp-x29-advisory.php
http://www.security-protocols.com/sp-x30-advisory.php

