Apple Mac OS X Multiple Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Apple Mac OS X, which could be exploited by remote or local attackers to cause a denial of service, disclose sensitive information, bypass security restrictions or compromise an affected system.
1. Due to a memory corruption error in Safari when handling malformed URLs, which could be exploited by attackers to crash a vulnerable browser or execute arbitrary code.
2. Due to a design error in Launch Services, which could allow an uninstalled application to be launched if it is present in a Time Machine backup.
3. Due to an implementation issue in Mail's handling of "file://" URLs, which could allow arbitrary applications to be launched without warning when a user clicks a URL in a message.
4. Due to a memory corruption error in NFS's handling of mbuf chains, which could be exploited by attackers to crash or compromise an affected system.
5. Due to an error in Parental Controls that inadvertently contacts www.apple.com when a website is unblocked, which could allow a remote user to detect the machines running Parental Controls.
6. Due to an error in Samba, which could be exploited by remote attackers to cause a denial of service or execute arbitrary code. It is caused by a buffer overflow error in the "send_mailslot()" function when processing a specially crafted "SAMLOGON" domain logon packet containing a username string placed at an odd offset followed by an overly long GETDC string, which could be exploited by remote attackers to crash or compromise a vulnerable server with the "domain logons" option enabled.
7. Due to an input validation error in the processing of URL schemes handled by Terminal.app, which could be exploited by a malicious web site to cause an application to be launched with controlled command line arguments, which may lead to arbitrary code execution.
8. Due to errors in X11, which could be exploited by attackers to cause a denial of service or execute arbitrary code.
- It is caused by integer overflow errors within the handlers for the "QueryXBitmaps" and "QueryXExtents" protocol requests when calling the "build_range()" function, which could be exploited by attackers to cause a heap overflow and compromise a vulnerable system via a specially crafted request.
- It is caused by memory corruption errors within the handlers for the "QueryXBitmaps" and "QueryXExtents" protocol requests when calling the "swap_char2b()" function, which could be exploited by attackers to swap an arbitrary number of bytes on the heap.
9. Due to an error in the X11 server that does not correctly read its "Allow connections from network client" preference, which can cause the X11 server to allow connections from network clients, even when the preference is turned off.
Impact
- Denial of Service
- Elevation of Privilege
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
- Apple Macintosh OS X
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Update to Mac OS X 10.5.2 or apply Security Update 2008-001.
- Security Update 2008-001 (PPC):
http://www.apple.com/support/downloads/securityupdate2008001ppc.html
- Security Update 2008-001 (Universal):
http://www.apple.com/support/downloads/securityupdate2008001universal.html
- Mac OS X 10.5.2 Combo Update:
http://www.apple.com/support/downloads/macosx1052comboupdate.html
- Mac OS X Server 10.5.2 Combo Update:
http://www.apple.com/support/downloads/macosxserver1052comboupdate.html
Vulnerability Identifier
- CVE-2007-4568
- CVE-2007-6015
- CVE-2008-0035
- CVE-2008-0037
- CVE-2008-0038
- CVE-2008-0039
- CVE-2008-0040
- CVE-2008-0041
- CVE-2008-0042