Mac OS X Libinfo Crafted Web Page Unspecified Remote Code Execution

2007-04-19T10:33:35
ID OSVDB:34860
Type osvdb
Reporter Landon Fuller()
Modified 2007-04-19T10:33:35

Description

Vulnerability Description

An unspecified remote use-after-free flaw exists in Mac OS X. LibInfo fails to correctly report errors to applications which use it resulting in access to previously deallocated objects. With a specially crafted web page, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

An unspecified remote use-after-free flaw exists in Mac OS X. LibInfo fails to correctly report errors to applications which use it resulting in access to previously deallocated objects. With a specially crafted web page, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1017942 Secunia Advisory ID:24966 Related OSVDB ID: 34857 Related OSVDB ID: 34858 Related OSVDB ID: 34859 Related OSVDB ID: 34862 Related OSVDB ID: 34864 Related OSVDB ID: 34865 Related OSVDB ID: 34866 Related OSVDB ID: 34868 Related OSVDB ID: 34863 Related OSVDB ID: 34861 Related OSVDB ID: 34867 Related OSVDB ID: 34869 Related OSVDB ID: 34870 Related OSVDB ID: 34871 Mail List Post: http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html FrSIRT Advisory: ADV-2007-1470 CVE-2007-0735 Bugtraq ID: 23569