N/A

Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.

N/A

N/A

Apple iOS MobileSafari OfficeArtBlip解析整数溢出漏洞

在Apple Mac OS X 10.6.7之前版本和Apple iOS 4.2.7之前版本，4.3.2之前的4.3.x版本中的MobileSafari中使用的QuickLook在解析OfficeArtBlip时存在整数溢出漏洞。当处理OfficeArtMetafileHeader时，进程信任cbSize字段并在分配前对其执行运算工作。由于没有检查结果的溢出性，后续分配会不足。在复制到此缓冲区时，内存可被破坏导致以当前用户权限执行任意代码。

N/A

N/A