Preemptive Protection against Apple Mac OS X CoreGraphics Heap Overflow Vulnerability
| Check Point Reference: | CPAI-2010-255 |
| Date Published: | |
| Preemptive Since: | |
| Severity: | |
| Source: | Check Point Vulnerability Discovery Team (VDT) |
| Industry Reference(s): | CVE-2010-1801 |
| Protection Provided by: | Security Gateway |
Who is Vulnerable?
Mac OS X v10.5.8
Mac OS X Server v10.5.8
Mac OS X v10.6.4
Mac OS X Server v10.6.4
Vulnerability Description
A heap buffer overflow vulnerability has been discovered in Apple CoreGraphics. CoreGraphics refers to a pair of Mac OS X technologies, each part of the CoreGraphics framework: Quartz 2D and Quartz Compositor. It includes both a 2D renderer in CoreGraphics and the composition engine that sends instructions to the graphics card. Quartz's internal imaging model correlates well with the PDF object graph, making it easy to output PDF to multiple devices. Successful exploitation of this issue will allow execution of arbitrary code on an affected system.
Vulnerability Details
The vulnerability is due to the way CoreGraphics handles PDF files. A remote attacker could trigger this issue via a maliciously crafted PDF file. Successful exploitation will create a denial of service condition, causing the application to become non-responsive, and may allow execution of arbitrary code once a malicious PDF file is loaded on a vulnerable system.
Protection Overview
This protection will detect and block PDF files that contain a malformed JBIG2 structure. No update is required to address this vulnerability.
Users are protected against this vulnerability if the protection for blocking malformed PDF files in the Protection section of SBP-2010-23 has been applied.
To configure the defense, select your product from the list below and follow the related protection steps.