Arbitrary Code Execution and Denial of Service Vulnerability in libsecurity in Apple Mac OS X

CVE-2011-3227 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message.

Learn more about our Web App Pen Testing.