Vulnerability Note VU#566875

Apple Help Viewer vulnerable to buffer overflow

Original Release date: 29 May 2008 | Last revised: 29 May 2008

Overview

A vulnerability in the way Apple Help Viewer handles specially crafted URLs may allow an attacker to execute arbitrary code or cause a denial of service.

Description

According to Apple Security Update 2008-003:

    An integer underflow in Help Viewer's handling of help:topic URLs may result in a buffer overflow. Accessing a malicious help:topic URL may lead to an unexpected application termination or arbitrary code execution.


Note that this issue affects systems running Mac OS X prior to version 10.5.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service.

Solution

Apply Update
This issue is addressed in Apple Security Update 2008-003. An update for Mac OS X is available on Apple Downloads and via Software Update.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Computer, Inc.Affected-29 May 2008
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This issue was reported in Apple Security Update 2008-003. Apple credits Paul Haddad of PTH with reporting this issue.

This document was written by Chris Taschner.

Other Information

  • CVE IDs: CVE-2008-1034
  • Date Public: 28 May 2008
  • Date First Published: 29 May 2008
  • Date Last Updated: 29 May 2008
  • Severity Metric: 8.68
  • Document Revision: 6

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.