Vulnerability Note VU#435188
Apple Mac OS X AppKit vulnerable to buffer overflow via the handling of maliciously crafted rich text files
A buffer overflow vulnerability exists in a component of Apple's Mac OS X operating system that handles rich text files.
The Cocoa Application Framework (also referred to as the Application Kit, or AppKit) is one of the core Cocoa frameworks supplied with Apple's Mac OS X operating system. It provides functionality and associated application program interfaces (APIs) for applications, including objects for graphical user interfaces (GUIs), event-handling mechanisms, application services, and drawing and image composition facilities.
A buffer overflow exists in the AppKit component designed to handle rich text (.rtf) files. This vulnerability affects applications that use AppKit (such as TextEdit) to open .rtf files. A maliciously crafted .rtf file could be used to execute arbitrary code on a vulnerable system.
An attacker with the ability to supply a maliciously crafted .rtf file could execute arbitrary code on a vulnerable system. The attacker-supplied code would be executed with the privileges of the user opening the malicious file.
Apply a patch
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer, Inc.||Affected||-||17 Aug 2005|
CVSS Metrics (Learn More)
Thanks to Apple Product Security for reporting this vulnerability.
This document was written by Chad R Dougherty based on information supplied by Apple.
- CVE IDs: CAN-2005-2501
- Date Public: 15 Aug 2005
- Date First Published: 17 Aug 2005
- Date Last Updated: 18 Aug 2005
- Severity Metric: 15.49
- Document Revision: 9
If you have feedback, comments, or additional information about this vulnerability, please send us email.