A vulnerability in the way Apple Help Viewer handles specially crafted URLs may allow an attacker to execute arbitrary code or cause a denial of service.
According to Apple Security Update 2008-003:
An integer underflow in Help Viewer's handling of help:topic URLs may result in a buffer overflow. Accessing a malicious help:topic URL may lead to an unexpected application termination or arbitrary code execution.
Note that this issue affects systems running Mac OS X prior to version 10.5.
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service.
This issue was reported in Apple Security Update 2008-003. Apple credits Paul Haddad of PTH with reporting this issue.
This document was written by Chris Taschner.
|Date First Published:||2008-05-29|
|Date Last Updated:||2008-05-29 19:01 UTC|