Description: | Summary: Apple Mac OS X is prone to multiple vulnerabilities.
Vulnerability Insight: Multiple flaws exist due to:
- An input validation error exists in Help Viewer's handling of help: URLs.
- A buffer overflow exists in the handling of images.
- A double free issue exists in the renewal or validation of existing tickets in the KDC process.
- A logic issue in the handling of KDC requests may cause an assertion to be triggered.
- A logic issue exists in the handling of vfork where the Mach exception handler is not reset in a certain case.
- A format string issue exists in the handling of afp:, cifs:, and smb: URLs.
- A man-in-the-middle attack in Open Directory.
- A character encoding issue exists in Printer Setup's handling of nearby printers.
- An integer overflow issue exists in the calculation of page sizes in the cgtexttops CUPS filter.
Vulnerability Impact: Successful exploitation will allow attacker to conduct cross-site scripting attack, access sensitive information, cause an unexpected application termination or arbitrary code execution, upload files to arbitrary locations on the filesystem of a user and cause privilege escalation.
Affected Software/OS: Apple Mac OS X and Mac OS X Server version 10.6 through 10.6.3
Solution: Upgrade to Apple Mac OS X version 10.6.4 or later.
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
|