Vulnerability Note VU#396820
Apple QuickDraw Manager heap buffer overflow vulnerability
Apple QuickDraw contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition.
PICT is a graphics file format that was used by Apple Macintosh systems prior to Mac OS X as their standard metafile format. OS X systems can open and display PICT files. Apple QuickDraw is a two-dimensional graphics library that has been deprecated in Mac OS version 10.4.
Apple QuickDraw contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code. By convincing a user to open a specially crafted PICT file with an application that uses the QuickDraw libraries, an attacker can trigger the overflow.
A remote unauthenticated attacker may be able to execute arbitrary code or create a denial-of-service condition. The specially crafted PICT file used to exploit this vulnerability may be supplied on a web page, in an email for the victim to select, or by some other means designed to encourage them to process the file with a vulnerable application.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
| --- | --- | --- | --- |
| Apple Computer, Inc. | Affected | - | 14 Mar 2007 |
Apple credits Tom Ferris of Security-Protocols and Mike Price of McAfee AVERT Labs for reporting this issue.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2007-0588
- Date Public: 13 Mar 2007
- Date First Published: 14 Mar 2007
- Date Last Updated: 20 Mar 2007
- Severity Metric: 5.10
- Document Revision: 15