CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X : Security Vulnerabilities Published In 2009 (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-2843 310 Exec Code 2009-12-08 2011-01-04
5.0
None Remote Low Not required None Partial None
Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet.
2 CVE-2009-2839 399 DoS Exec Code Mem. Corr. 2009-11-10 2009-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
3 CVE-2009-2838 189 DoS Exec Code Overflow 2009-11-10 2009-11-17
6.8
User Remote Medium Not required Partial Partial Partial
Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.
4 CVE-2009-2837 119 DoS Exec Code Overflow 2009-11-10 2017-09-18
6.8
User Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
5 CVE-2009-2833 119 DoS Exec Code Overflow 2009-11-10 2009-11-17
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
6 CVE-2009-2831 Exec Code 2009-11-10 2009-11-17
5.8
None Local Network Low Not required Partial Partial Partial
Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."
7 CVE-2009-2830 119 DoS Exec Code Overflow 2009-11-10 2009-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515.
8 CVE-2009-2828 399 DoS Exec Code Mem. Corr. 2009-11-10 2009-11-17
7.5
None Remote Low Not required Partial Partial Partial
The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
9 CVE-2009-2827 119 DoS Exec Code Overflow 2009-11-10 2009-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image.
10 CVE-2009-2826 189 DoS Exec Code Overflow 2009-11-10 2009-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.
11 CVE-2009-2824 119 Exec Code Overflow 2009-11-10 2009-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document.
12 CVE-2009-2819 399 DoS Exec Code Mem. Corr. 2009-11-10 2009-11-17
9.3
None Remote Medium Not required Complete Complete Complete
AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors.
13 CVE-2009-2812 Exec Code 2009-09-14 2012-10-22
6.8
None Remote Medium Not required Partial Partial Partial
Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site.
14 CVE-2009-2811 94 Exec Code 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature.
15 CVE-2009-2810 Exec Code 2009-11-10 2009-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a "potentially unsafe" warning message.
16 CVE-2009-2809 94 DoS Exec Code Mem. Corr. 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."
17 CVE-2009-2808 310 Exec Code 2009-11-10 2009-11-17
5.4
None Local Network Medium Not required Partial Partial Partial
Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.
18 CVE-2009-2805 189 DoS Exec Code Overflow 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.
19 CVE-2009-2804 189 DoS Exec Code Overflow 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.
20 CVE-2009-2803 399 DoS Exec Code Mem. Corr. 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.
21 CVE-2009-2800 119 DoS Exec Code Overflow 2009-09-11 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.
22 CVE-2009-2205 119 DoS Exec Code Overflow 2009-09-09 2009-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
23 CVE-2009-2193 119 DoS Exec Code Overflow 2009-08-06 2017-08-16
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.
24 CVE-2009-2191 134 DoS Exec Code 2009-08-06 2017-08-16
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.
25 CVE-2009-2188 119 DoS Exec Code Overflow 2009-08-06 2017-08-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
26 CVE-2009-1728 119 DoS Exec Code Overflow 2009-08-06 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.
27 CVE-2009-1726 119 DoS Exec Code Overflow 2009-08-06 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
28 CVE-2009-1717 189 DoS Exec Code Overflow Mem. Corr. 2009-06-05 2018-10-10
6.8
User Remote Medium Not required Partial Partial Partial
Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.
29 CVE-2009-0944 94 DoS Exec Code Mem. Corr. 2009-05-13 2009-05-16
6.8
None Remote Medium Not required Partial Partial Partial
The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption.
30 CVE-2009-0943 20 Exec Code 2009-05-13 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.
31 CVE-2009-0942 20 Exec Code 2009-05-13 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.
32 CVE-2009-0160 94 DoS Exec Code Mem. Corr. 2009-05-13 2009-05-16
6.8
None Remote Medium Not required Partial Partial Partial
QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.
33 CVE-2009-0158 119 DoS Exec Code Overflow 2009-05-13 2016-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server.
34 CVE-2009-0157 119 DoS Exec Code Overflow 2009-05-13 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers.
35 CVE-2009-0155 189 DoS Exec Code Overflow 2009-05-13 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers a heap-based buffer overflow.
36 CVE-2009-0154 119 Exec Code Overflow 2009-05-13 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.
37 CVE-2009-0145 94 DoS Exec Code Mem. Corr. 2009-05-13 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption.
38 CVE-2009-0139 189 DoS Exec Code Overflow 2009-02-12 2009-08-19
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service (system shutdown) or execute arbitrary code via a crafted SMB file system that triggers a heap-based buffer overflow.
39 CVE-2009-0020 399 DoS Exec Code Mem. Corr. 2009-02-12 2009-08-19
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption.
40 CVE-2009-0017 119 Exec Code Overflow 2009-02-12 2009-08-19
7.2
Admin Local Low Not required Complete Complete Complete
csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow.
41 CVE-2009-0012 119 Exec Code Overflow 2009-02-12 2011-01-06
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via a crafted Unicode string.
42 CVE-2009-0010 189 1 DoS Exec Code Overflow 2009-05-13 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.
43 CVE-2009-0009 119 DoS Exec Code Overflow Mem. Corr. 2009-02-12 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption.
Total number of vulnerabilities : 43   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.