Apple Mac OS X AppKit vulnerable to buffer overflow via maliciously crafted Microsoft Word files

Overview

A buffer overflow vulnerability exists in a component of Apple’s Mac OS X operating system that handles Microsoft Word files.

Description

The Cocoa Application Framework (also referred to as the Application Kit, or AppKit) is one of the core Cocoa frameworks supplied with Apple’s Mac OS X operating system. It provides functionality and associated Application Program Interfaces (APIs) for applications, including objects for graphical user interfaces (GUIs), event-handling mechanisms, application services, and drawing and image composition facilities.

A buffer overflow exists in the AppKit component designed to handle Microsoft Word (.doc) files. Apple notes in its security advisory that this vulnerability only affects applications that use AppKit (such as TextEdit) and that Microsoft Word for Mac OS X is not vulnerable. A maliciously crafted .doc file could be used to execute arbitrary code on a vulnerable system.

---

Impact

An attacker with the ability to supply a maliciously crafted Microsoft Word .doc file could execute arbitrary code on a vulnerable system. The attacker-supplied code would be executed with the privileges of the user opening the malicious file.

---

Solution

Apply a patch

Apple has released a patch to address this issue and other security issues in Security Update 2005-007. Users are encouraged to apply the patches from this update.

---

Vendor Information

172948

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Apple Computer, Inc. __ Affected

Updated: August 17, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Apple has released a patch to address this issue and other security issues in Security Update 2005-007. Users are encouraged to apply the patches from this update.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23172948 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://secunia.com/advisories/16449/&gt;
• <http://www.auscert.org.au/5391&gt;
• <http://www.ciac.org/ciac/bulletins/p-276.shtml&gt;

Acknowledgements

Thanks to Apple Product Security for reporting this vulnerability.

This document was written by Chad Dougherty based on information supplied by Apple.

Other Information

CVE IDs:	CVE-2005-2502
Severity Metric:	15.49 Date Public: