Apple Mac OS X Apple Type Services Embedded Font Remote Code Execution Vulnerability

Bugtraq ID:	38955
Class:	Unknown
CVE:	CVE-2010-1120
Remote:	Yes
Local:	No
Published:	Mar 24 2010 12:00AM
Updated:	Apr 15 2010 06:54PM
Credit:	This issue was disclosed by Charlie Miller during the Pwn2Own 2010 contest as part of the CanSecWest security conference.
Vulnerable:	Apple Mac OS X Server 10.6.3 Apple Mac OS X Server 10.6.2 Apple Mac OS X Server 10.6.1 Apple Mac OS X Server 10.5.8 Apple Mac OS X Server 10.5.7 Apple Mac OS X Server 10.5.6 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.6 Apple Mac OS X Server 10.5 Apple Mac OS X 10.6.3 Apple Mac OS X 10.6.2 Apple Mac OS X 10.6.1 Apple Mac OS X 10.5.8 Apple Mac OS X 10.5.7 Apple Mac OS X 10.5.6 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.6 Apple Mac OS X 10.5
Not Vulnerable:

Apple Mac OS X Apple Type Services Embedded Font Remote Code Execution Vulnerability

The researcher responsible for discovering this issue has developed exploit code to trigger this vulnerability. This exploit code is not known to be publicly available.

Apple Mac OS X Apple Type Services Embedded Font Remote Code Execution Vulnerability

References:

• Apple iPhone, Microsoft IE 8 get hacked in Pwn2Own contest (TechTarget)
  
• iPhone, Safari, IE 8, Firefox hacked in CanSecWest contest (cnet)
  
• Pwn2Own 2010 (TippingPoint)
  
• Safari Home Page (Apple)
  
• ZDI-10-076: Apple Preview libFontParser SpecialEncoding Remote Code Execution Vu (ZDI Disclosures )
  
• About the content of Security Update 2010-003 (Apple)