
CVE-2010-1120

DESCRIPTION:
A vulnerability has been reported in Apple Mac OS X, which can be
exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to an indexing error in Apple Type
Services within the “TType1ParsingContext::SpecialEncoding()” method
in libFontParser.dylib when parsing embedded fonts. This can be
exploited to corrupt memory e.g. via a specially crafted PDF file
opened in Preview.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in Mac OS X Server 10.5, Mac OS X 10.5,
Mac OS X 10.6, and Mac OS X Server 10.6.

SOLUTION:
Apply Security Update 2010-003.

Sourced: http://secunia.com/advisories/39426/

Reference: CVE-2010-1120 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1120

Description:
Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010.

  1. Steve
    April 19, 2010 at 12:47 pm

    This vulnerability is used against Mac users, coming by a corrupted e-mail. This gives a working DOS at the moment. Read a story on rixstep.com.
