CVE Vulnerabilities

CVE-2011-1417

Published: Mar 11, 2011 | Modified: Mar 30, 2012
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.

Affected Software

Name Vendor Start Version End Version
Mac_os_x_server Apple 10.6.3 10.6.3
Mac_os_x Apple 10.6.3 10.6.3
Mac_os_x_server Apple * 10.6.6
Mac_os_x_server Apple 10.6.4 10.6.4
Mac_os_x Apple * 10.6.6
Mac_os_x_server Apple 10.6.5 10.6.5
Mac_os_x_server Apple 10.6.1 10.6.1
Mac_os_x_server Apple 10.6.2 10.6.2
Mac_os_x Apple 10.6.1 10.6.1
Mac_os_x_server Apple 10.6.0 10.6.0
Mac_os_x Apple 10.6.0 10.6.0
Mac_os_x Apple 10.6.2 10.6.2
Mac_os_x Apple 10.6.4 10.6.4
Mac_os_x Apple 10.6.5 10.6.5

References