5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
75.9%
A buffer overflow vulnerability exists in a component of Apple’s Mac OS X operating system that handles Microsoft Word files.
The Cocoa Application Framework (also referred to as the Application Kit, or AppKit) is one of the core Cocoa frameworks supplied with Apple’s Mac OS X operating system. It provides functionality and associated Application Program Interfaces (APIs) for applications, including objects for graphical user interfaces (GUIs), event-handling mechanisms, application services, and drawing and image composition facilities.
A buffer overflow exists in the AppKit component designed to handle Microsoft Word (.doc
) files. Apple notes in its security advisory that this vulnerability only affects applications that use AppKit (such as TextEdit) and that Microsoft Word for Mac OS X is not vulnerable. A maliciously crafted .doc
file could be used to execute arbitrary code on a vulnerable system.
An attacker with the ability to supply a maliciously crafted Microsoft Word .doc
file could execute arbitrary code on a vulnerable system. The attacker-supplied code would be executed with the privileges of the user opening the malicious file.
Apply a patch
Apple has released a patch to address this issue and other security issues in Security Update 2005-007. Users are encouraged to apply the patches from this update.
172948
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: August 17, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Apple has released a patch to address this issue and other security issues in Security Update 2005-007. Users are encouraged to apply the patches from this update.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23172948 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Apple Product Security for reporting this vulnerability.
This document was written by Chad Dougherty based on information supplied by Apple.
CVE IDs: | CVE-2005-2502 |
---|---|
Severity Metric: | 15.49 Date Public: |