Vulnerability Note VU#514740
Apple Mac OS X Bom vulnerable to memory corruption via specially crafted ZIP file
A memory corruption vulnerability in the Mac OS X Bom could allow a remote attacker to execute arbitrary code on an affected system.
Apple's Bom is the archive file handler in the Mac OS X operating system. It features the ability to handle file archives in a number of different formats, including ZIP (.zip) files.
An unspecified heap memory corruption vulnerability exists in Bom's compression state handling that can be triggered by a specially crafted ZIP file.
A remote, unauthenticated attacker may be able to execute code, or cause the affected application to crash.
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer, Inc. | Affected | 02 Aug 2006 | 02 Aug 2006 |
Thanks to Apple for reporting this issue. Apple in turn credits Tom Ferris of Security-Protocols.com.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2006-3497
- Date Public: 01 Aug 2006
- Date First Published: 02 Aug 2006
- Date Last Updated: 02 Aug 2006
- Severity Metric: 0.48
- Document Revision: 21