Mac OS X AppKit Word Document Overflow

2005-08-16T23:51:27
ID OSVDB:18775
Type osvdb
Reporter OSVDB
Modified 2005-08-16T23:51:27

Description

Vulnerability Description

A local overflow exists in Mac OS X. The AppKit fails to validate Microsoft Word .doc files resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Technical Description

This flaw exists only within AppKit and applications like TextEdit which rely on AppKit. Microsoft Word is not affected.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

A local overflow exists in Mac OS X. The AppKit fails to validate Microsoft Word .doc files resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Security Tracker: 1014695 Secunia Advisory ID:16449 ISS X-Force ID: 21863 CVE-2005-2502 Bugtraq ID: 11802