Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certLMHVU:240880
HistoryFeb 16, 2007 - 12:00 a.m.

Apple Mac OS X Finder DMG volume name buffer overflow

2007-02-1600:00:00
LMH
www.kb.cert.org
11

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.966 High

EPSS

Percentile

99.6%

JSON

Overview

Apple Mac OS X Finder fails to properly handle DMG files with large volume names, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

DMG files are disk images that can contain a variety of filesystems. Apple Mac OS X Finder contains a buffer overflow vulnerability in the handling of DMG volume names. Specifically, a DMG file with a volume name of more than 255 bytes can trigger memory corruption. Note that by default, Safari will automatically mount DMG files that are referenced in web pages.

Impact

By convincing a user to mount a specially-crafted DMG file, such as by viewing a web page with Safari, a remote, unauthenticated attacker may be able to execute code with the privileges of the user or cause a denial-of-service condition.

Solution

Apply an update

This issue is addressed in Apple Security Update 2007-002.

Disable “Open ‘safe’ files after downloading”

Disable the option “Open ‘safe’ files after downloading,” as specified in the Securing Your Web Browser document. This will help prevent automatic exploitation of this and other vulnerabilities.

Vendor Information

240880

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Apple Computer, Inc. __ Affected

Updated: February 16, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Apple Security Update 2007-002.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23240880 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was publicly disclosed by LMH.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2007-0197
Severity Metric: 10.29 Date Public:

Related

checkpoint_advisories 2
prion 1
cve 1
securityvulns 1
nessus 1
checkpoint_advisories
checkpoint_advisories
Apple Computer Finder DMG Volume Name Memory Corruption - Ver2 (CVE-2007-0197)
2014-12-28 00:00:00
Apple Computer Finder DMG Volume Name Memory Corruption (CVE-2007-0197)
2009-10-05 00:00:00
prion
prion
Memory corruption
2007-01-11 11:28:00
cve
cve
CVE-2007-0197
2007-01-11 11:28:00
securityvulns
securityvulns
Mac OS X / Apple Finder multiple file system parsing vulnerabilities
2007-01-16 00:00:00
nessus
nessus
Mac OS X Multiple Vulnerabilities (Security Update 2007-002)
2007-02-16 00:00:00

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.966 High

EPSS

Percentile

99.6%

JSON
Related for VU:240880
checkpoint_advisories2prion1cve1securityvulns1nessus1