Users of Apple OS X ATSServer CFF please be advised of a arbitrary code execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
CORE-2010-0825: [CORE-2010-0825] Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch
Impact: Code execution
*Vulnerability Description*
The Apple Type Services is prone to memory corruption due a sign
mismatch vulnerability when handling the last offset value of the
CharStrings INDEX structure.
This vulnerability could be used by a remote attacker to execute
arbitrary code, by enticing the user of Mac OS X v10.5.x to view or
download a PDF document containing a embedded malicious CFF font
(Compact Font Format [1]).
This vulnerability is a variation of the vulnerability labeled as
CVE-2010-1797 (FreeType JailbreakMe iPhone exploit variation).Read more at www.criticalwatch.com
See this Amp at http://amplify.com/u/f10s

No comments:
Post a Comment