OpenType Sanitizer Off By One Remote Code Execution Vulnerability
BID:53222
Info
OpenType Sanitizer Off By One Remote Code Execution Vulnerability
| Bugtraq ID: | 53222 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2011-3062 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 28 2012 12:00AM |
| Updated: | Apr 13 2015 10:25PM |
| Credit: | Mateusz Jurczyk of the Google Security Team |
| Vulnerable: |
Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 SuSE SUSE Linux Enterprise Server for VMware 11 SP1 SuSE SUSE Linux Enterprise Server 11 SP2 SuSE SUSE Linux Enterprise Server 11 SP1 SuSE SUSE Linux Enterprise Server 10 SP4 SuSE SUSE Linux Enterprise SDK 11 SP2 SuSE SUSE Linux Enterprise SDK 11 SP1 SuSE SUSE Linux Enterprise SDK 10 SP4 SuSE Suse Linux Enterprise Desktop 11 SP2 SuSE Suse Linux Enterprise Desktop 11 SP1 SuSE Suse Linux Enterprise Desktop 10 SP4 Sun Solaris 11 Sun Solaris 10 S.u.S.E. openSUSE 11.4 Redhat Enterprise Linux Workstation Optional 6 Redhat Enterprise Linux Workstation 6 Redhat Enterprise Linux Server Optional 6 Redhat Enterprise Linux Server 6 Redhat Enterprise Linux Optional Productivity Application 5 server Redhat Enterprise Linux HPC Node Optional 6 Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop Optional 6 Redhat Enterprise Linux Desktop 6 Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux 5 Server Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Oracle Enterprise Linux 5 Mozilla Thunderbird ESR 10.0.3 Mozilla Thunderbird ESR 10.0.2 Mozilla Thunderbird 9.0 Mozilla Thunderbird 8.0 Mozilla Thunderbird 7.0.1 Mozilla Thunderbird 7.0 Mozilla Thunderbird 6.0.2 Mozilla Thunderbird 6.0.1 Mozilla Thunderbird 6.0 Mozilla Thunderbird 6 Mozilla Thunderbird 6 Mozilla Thunderbird 5.0 Mozilla Thunderbird 5 Mozilla Thunderbird 11.0 Mozilla Thunderbird 10.0.2 Mozilla Thunderbird 10.0.1 Mozilla Thunderbird 10.0 Mozilla Thunderbird 10.0 Mozilla SeaMonkey 2.0.11 Mozilla SeaMonkey 2.0.9 Mozilla SeaMonkey 2.0.8 Mozilla SeaMonkey 2.0.5 Mozilla SeaMonkey 2.0.4 Mozilla SeaMonkey 2.0.3 Mozilla SeaMonkey 2.0.2 Mozilla SeaMonkey 2.0.1 Mozilla SeaMonkey 2.8 Mozilla SeaMonkey 2.7.2 Mozilla SeaMonkey 2.7.1 Mozilla SeaMonkey 2.7 Mozilla SeaMonkey 2.6 Mozilla SeaMonkey 2.5 Mozilla SeaMonkey 2.4 Mozilla SeaMonkey 2.3 Mozilla SeaMonkey 2.2 Mozilla SeaMonkey 2.1b2 Mozilla SeaMonkey 2.1 Alpha3 Mozilla SeaMonkey 2.1 Alpha2 Mozilla SeaMonkey 2.1 Alpha1 Mozilla SeaMonkey 2.1 Mozilla SeaMonkey 2.0.9 Mozilla SeaMonkey 2.0.7 Mozilla SeaMonkey 2.0.6 Mozilla SeaMonkey 2.0.5 Mozilla SeaMonkey 2.0.4 Mozilla SeaMonkey 2.0.14 Mozilla SeaMonkey 2.0.13 Mozilla SeaMonkey 2.0.12 Mozilla SeaMonkey 2.0.10 Mozilla SeaMonkey 2.0 Rc2 Mozilla SeaMonkey 2.0 Rc1 Mozilla SeaMonkey 2.0 Beta 2 Mozilla SeaMonkey 2.0 Beta 1 Mozilla SeaMonkey 2.0 Alpha 3 Mozilla SeaMonkey 2.0 Alpha 2 Mozilla SeaMonkey 2.0 Alpha 1 Mozilla SeaMonkey 2.0 Mozilla Firefox ESR 10.0.3 Mozilla Firefox ESR 10.0.2 Mozilla Firefox 9.0.1 Mozilla Firefox 9.0 Mozilla Firefox 8.0.1 Mozilla Firefox 8.0 Mozilla Firefox 7.0.1 Mozilla Firefox 7.0 Mozilla Firefox 7 Mozilla Firefox 6.0.2 Mozilla Firefox 6.0.1 Mozilla Firefox 6.0 Mozilla Firefox 6 Mozilla Firefox 5.0.1 Mozilla Firefox 5.0 Mozilla Firefox 11.0 Mozilla Firefox 10.0.2 Mozilla Firefox 10.0.1 Mozilla Firefox 10.0 Mozilla Firefox 10 Moonchild Productions Pale Moon 9.2 Moonchild Productions Pale Moon 9.1 Moonchild Productions Pale Moon 9.0.1 Moonchild Productions Pale Moon 11.0 Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011 Mandriva Linux Mandrake 2010.1 x86_64 Mandriva Linux Mandrake 2010.1 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Google Chrome 17.0.963 79 Google Chrome 17.0.963 65 Google Chrome 16.0.912 75 Google Chrome 15.0.874 102 Google Chrome 17.0.963.83 Google Chrome 17.0.963.78 Google Chrome 17.0.963.60 Google Chrome 17.0.963.56 Google Chrome 17.0.963.46 Google Chrome 16.0.912.77 Google Chrome 16.0.912.75 Google Chrome 16.0.912.63 Google Chrome 16 Google Chrome 15.0.874.121 Google Chrome 15.0.874.120 Google Chrome 14.0.835.202 Google Chrome 14.0.835.186 Google Chrome 14.0.835.163 Google Chrome 14 Google Chrome 13.0.782.215 Google Chrome 13.0.782.112 Google Chrome 13.0.782.107 Google Chrome 13 Google Chrome 12.0.742.91 Google Chrome 12.0.742.112 Google Chrome 12.0.742.100 Google Chrome 12 Google Chrome 11.0.696.77 Google Chrome 11.0.696.71 Google Chrome 11.0.696.68 Google Chrome 11.0.696.65 Google Chrome 11.0.696.57 Google Chrome 11.0.696.43 Google Chrome 11.0.672.2 Google Chrome 11 Google Chrome 10.0.648.205 Google Chrome 10.0.648.205 Google Chrome 10.0.648.204 Google Chrome 10.0.648.133 Google Chrome 10.0.648.128 Google Chrome 10.0.648.127 Google Chrome 10.0.648.127 Google Chrome 10 Gentoo Linux |
| Not Vulnerable: |
Mozilla Thunderbird ESR 10.0.4 Mozilla Thunderbird 12.0 Mozilla SeaMonkey 2.9 Mozilla Firefox ESR 10.0.4 Mozilla Firefox 12.0 Moonchild Productions Pale Moon 12.0 Google Chrome 18.0.1025.142 |
Discussion
OpenType Sanitizer Off By One Remote Code Execution Vulnerability
OpenType Sanitizer is prone to a remote code execution vulnerability due to an off-by-one error.
An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted OpenType file. Successful exploits will result in the execution of arbitrary code in the context of the affected application.
NOTE: This issue was previously documented in BID 52762 (Google Chrome Prior to 18.0.1025.142 Multiple Security Vulnerabilities) but has been given its own record to better document it.
OpenType Sanitizer is prone to a remote code execution vulnerability due to an off-by-one error.
An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted OpenType file. Successful exploits will result in the execution of arbitrary code in the context of the affected application.
NOTE: This issue was previously documented in BID 52762 (Google Chrome Prior to 18.0.1025.142 Multiple Security Vulnerabilities) but has been given its own record to better document it.
Solution / Fix
OpenType Sanitizer Off By One Remote Code Execution Vulnerability
Solution:
Updates are available. Please see the references for more information.
MandrakeSoft Enterprise Server 5
Solution:
Updates are available. Please see the references for more information.
MandrakeSoft Enterprise Server 5
-
Mandriva firefox-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-af-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-ar-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-be-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-bg-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-bn-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-ca-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-cs-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-cy-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-da-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-de-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-devel-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-el-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-en_GB-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-eo-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-es_AR-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-es_ES-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-et-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-eu-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-fi-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-fr-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-fy-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-ga_IE-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-gl-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-gu_IN-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-he-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-hi-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-hu-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-id-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-is-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-it-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-ja-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-ka-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-kn-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-ko-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-ku-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-lt-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-lv-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-mk-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-mr-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-nb_NO-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-nl-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-nn_NO-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-oc-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-pa_IN-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-pl-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-pt_BR-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-pt_PT-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-ro-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-ru-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-si-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-sk-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-sl-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-sq-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-sr-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-sv_SE-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-te-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-th-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-tr-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-uk-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-zh_CN-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva firefox-zh_TW-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva icedtea-web-1.1.5-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva icedtea-web-javadoc-1.1.5-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva libiw29-29-3.1mnb2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva libiw29-devel-29-3.1mnb2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva libvpx-devel-0.9.7-0.2mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva libvpx-utils-0.9.7-0.2mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva libvpx0-0.9.7-0.2mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva libxulrunner-devel-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva libxulrunner10.0.4-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva python-cython-0.15-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva wireless-tools-29-3.1mnb2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva xulrunner-10.0.4-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva yasm-1.1.0-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva yasm-devel-1.1.0-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva yasm-python-1.1.0-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/
References
OpenType Sanitizer Off By One Remote Code Execution Vulnerability
References:
References:
- Google Chrome Homepage (Google)
- Pale Moon: Release notes 12.0 (Pale Moon)
- 18.0.1025.142 Stable Channel Release and Beta Channel Update (Google)
- Mozilla Foundation Security Advisory 2012-31 (Mozilla)