|
|
|
 |
Vulnerability Note VU#124280Apple Mac OS X fails to properly handle crafted AppleSingleEncoding disk imagesOverviewA vulnerabilty in the Apple Mac OS X AppleSingleEncoding disk image handler may allow execution of arbitrary code or denial of service.I. DescriptionApple Mac OS X contains a vulnerability that may be exploited when a user mounts a specially crafted AppleSingleEncoding disk image file. According to Apple security document 305214 :An integer overflow vulnerability exists in the handler for AppleSingleEncoding disk images. By enticing a local user to open a maliciously-crafted disk image, an attacker could trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of AppleSingleEncoding disk images. II. ImpactA remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition. The crafted AppleSingleEncoding disk image may be supplied on a webpage or in email for the victim to select, or by some other means designed to encourage them to mount the exploit file.III. SolutionUpgradeApple has published Mac OS X 10.4.9 for Mac OS X 10.4 (Tiger) systems and Security Update 2007-003 for Mac OS X 10.3 (Panther) systems in response to this issue. See Apple Security Update 2007-003 for more details.
References
This vulnerability was reported in Apple Security Update 2007-003. This document was written by Chris Taschner.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Get Adobe Reader