Mac OS X LaunchServices Safe File Type Bypass

2006-03-10T17:47:38
ID OSVDB:23870
Type osvdb
Reporter Andris Baumberger(), Will Dormann()
Modified 2006-03-10T17:47:38

Description

Vulnerability Description

LaunchServices contains a flaw that may allow a malicious application to appear as a safe file type. It is possible that the flaw may allow malicious file to be executed automatically when visiting a malicious web site resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, vendor has released a patch to address this vulnerability.

Short Description

LaunchServices contains a flaw that may allow a malicious application to appear as a safe file type. It is possible that the flaw may allow malicious file to be executed automatically when visiting a malicious web site resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Security Tracker: 1015760 Secunia Advisory ID:19129 Related OSVDB ID: 23871 Related OSVDB ID: 23872 Related OSVDB ID: 23869 Related OSVDB ID: 23873 News Article: http://www.macnn.com/articles/06/03/13/security.update.2006.002/ Keyword: Security Update 2006-002 FrSIRT Advisory: ADV-2006-0949 CVE-2006-0398