Summary
This host is installed with Hex-Rays IDA Pro and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code or cause a denial of service.
Impact Level: Application
Solution
Apply patch
https://www.hex-rays.com/machofix.shtml
*****
NOTE: Ignore this warning, if above mentioned patch is manually applied.
*****
Insight
Multiple flaws are due to
- A buffer overflow error in the Mach-O input file loader allows user-assisted remote attackers to cause a denial of service.
- An unspecified error related to 'converson of string encodings' and 'inconsistencies in the handling of UTF8 sequences by the user interface'.
- An integer overflow error in the COFF/EPOC/EXPLOAD input file loaders.
- An Integer overflow error in the PSX/GEOS input file loaders.
- An unspecified error in the Mach-O input file loader allows user-assisted remote attackers to cause a denial of service.
- An unspecified error in the PEF input file loader.
Affected
Hex-Rays IDA Pro versions 5.7 and 6.0
References
Severity
Classification
-
CVE CVE-2011-1049, CVE-2011-1050, CVE-2011-1051, CVE-2011-1052, CVE-2011-1053, CVE-2011-1054 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)
- Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
- Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Windows)
- Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
- Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Mac OS X)