Vulnerability Note VU#124280
Apple Mac OS X fails to properly handle crafted AppleSingleEncoding disk images
A vulnerabilty in the Apple Mac OS X AppleSingleEncoding disk image handler may allow execution of arbitrary code or denial of service.
Apple Mac OS X contains a vulnerability that may be exploited when a user mounts a specially crafted AppleSingleEncoding disk image file. According to Apple security document 305214 :
An integer overflow vulnerability exists in the handler for AppleSingleEncoding disk images. By enticing a local user to open a maliciously-crafted disk image, an attacker could trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of AppleSingleEncoding disk images.
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition. The crafted AppleSingleEncoding disk image may be supplied on a webpage or in email for the victim to select, or by some other means designed to encourage them to mount the exploit file.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer, Inc.||Affected||-||15 Mar 2007|
CVSS Metrics (Learn More)
This vulnerability was reported in Apple Security Update 2007-003.
This document was written by Chris Taschner.
- CVE IDs: CVE-2007-0722
- Date Public: 13 Mar 2007
- Date First Published: 16 Mar 2007
- Date Last Updated: 16 Mar 2007
- Severity Metric: 18.00
- Document Revision: 17
If you have feedback, comments, or additional information about this vulnerability, please send us email.