Mac OS X LaunchServices Unsafe Mime Type Database Check Bypass

2005-06-02T00:00:00
ID OSVDB:17270
Type osvdb
Reporter OSVDB
Modified 2005-06-02T00:00:00

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious application to bypass security checks and execute. The issue is triggered when a file type or MIME entry is added to the unsafe file types database without a corresponding UTI (Uniform Type Identifier), which will cause a query on the specified file type to fail to return as unsafe. It is possible that the flaw may allow malicious code to execute resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

Mac OS X contains a flaw that may allow a malicious application to bypass security checks and execute. The issue is triggered when a file type or MIME entry is added to the unsafe file types database without a corresponding UTI (Uniform Type Identifier), which will cause a query on the specified file type to fail to return as unsafe. It is possible that the flaw may allow malicious code to execute resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Security Tracker: 1014141 Secunia Advisory ID:15481 ISS X-Force ID: 20951 CVE-2005-1723