CVE-2010-1752 « IT Security Geeks

CVE-2010-1752

IT Security Geeks would like to congratulate Neil Fryer for discovering a stack overflow vulnerability in Apple’s OS X CFNetwork.

The below is taken from the Apple Security update site:

CFNetwork

CVE-ID: CVE-2010-1752
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through
v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Visiting a maliciously crafted website may lead to an unexpected application
termination or arbitrary code execution
Description: A stack overflow exists in CFNetwork’s URL handling code. Visiting a
maliciously crafted website may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved bounds checking. Credit to Laurent
OUDOT of TEHTRI-Security, and Neil Fryer of IT Security Geeks for reporting this issue.


Filed under: Uncategorized

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.