低危 RIM Blackberry PNG/TIFF Image 内存破坏漏洞
CVE编号
CVE-2010-1205利用情况
POC 已公开补丁情况
官方补丁披露时间
2010-07-01漏洞描述
Blue Coat ProxyAV设备支持在Web网关检测恶意软件。Blue Coat ProxyAV使用的libpng库处理图像数据存在缓冲区溢出,攻击者可以利用漏洞使设备崩溃或可能以应用程序上下文执行任意代码。解决建议
用户可参考如下供应商提供的安全公告获得补丁信息:https://kb.bluecoat.com/index?page=content受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | apple | itunes | * | Up to (excluding) 10.2 | |||||
| 运行在以下环境 | |||||||||
| 应用 | apple | safari | * | Up to (excluding) 5.0.4 | |||||
| 运行在以下环境 | |||||||||
| 应用 | chrome | * | Up to (excluding) 5.0.375.99 | ||||||
| 运行在以下环境 | |||||||||
| 应用 | libpng | libpng | * | Up to (excluding) 1.2.44 | |||||
| 运行在以下环境 | |||||||||
| 应用 | libpng | libpng | * | From (including) 1.4.0 | Up to (excluding) 1.4.3 | ||||
| 运行在以下环境 | |||||||||
| 应用 | mozilla | firefox | * | Up to (excluding) 3.5.11 | |||||
| 运行在以下环境 | |||||||||
| 应用 | mozilla | firefox | * | From (including) 3.5.12 | Up to (excluding) 3.6.7 | ||||
| 运行在以下环境 | |||||||||
| 应用 | mozilla | seamonkey | * | Up to (excluding) 2.0.6 | |||||
| 运行在以下环境 | |||||||||
| 应用 | mozilla | thunderbird | * | Up to (excluding) 3.0.6 | |||||
| 运行在以下环境 | |||||||||
| 应用 | mozilla | thunderbird | * | From (including) 3.0.7 | Up to (excluding) 3.1.1 | ||||
| 运行在以下环境 | |||||||||
| 应用 | vmware | player | * | From (including) 2.5 | Up to (excluding) 2.5.5 | ||||
| 运行在以下环境 | |||||||||
| 应用 | vmware | player | * | From (including) 3.1 | Up to (excluding) 3.1.2 | ||||
| 运行在以下环境 | |||||||||
| 应用 | vmware | workstation | * | From (including) 6.5.0 | Up to (excluding) 6.5.5 | ||||
| 运行在以下环境 | |||||||||
| 应用 | vmware | workstation | * | From (including) 7.1 | Up to (excluding) 7.1.2 | ||||
| 运行在以下环境 | |||||||||
| 系统 | centos_5 | thunderbird | * | Up to (excluding) 1.9.2.7-2.el5 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | tuxonice-userui | * | Up to (excluding) 1.0-1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_11 | tuxonice-userui | * | Up to (excluding) 1.0-1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_12 | tuxonice-userui | * | Up to (excluding) 1.0-1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_5.0 | libpng | * | Up to (excluding) 1.9.0.19-3 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_sid | tuxonice-userui | * | Up to (excluding) 1.0-1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_11.1 | MozillaFirefox | * | Up to (excluding) 3.5.11-0.1.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_11.2 | MozillaFirefox | * | Up to (excluding) 3.5.11-0.1.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_11.3 | MozillaFirefox | * | Up to (excluding) 3.6.8-0.1.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_11.4 | libfreebl3-debuginfo-32bit | * | Up to (excluding) 24.8.0-127.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_5 | oraclelinux-release | * | Up to (excluding) 3.6.7-2.0.1.el5 | |||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_5 | thunderbird | * | Up to (excluding) 0:2.0.0.24-6.el5 | |||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12 | MozillaFirefox | * | Up to (excluding) 31.1.0esr-1 | |||||
- 攻击路径 远程
- 攻击复杂度 复杂
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 POC 已公开
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 无影响
- 全网数量 100
| CWE-ID | 漏洞类型 |
| CWE-120 | 未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出) |
Exp相关链接
- avd.aliyun.com
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论