Mac OS X Disk URI Handler Arbitrary File Creation

2004-05-20T12:47:13
ID OSVDB:6536
Type osvdb
Reporter lixlpixel(me@lixlpixel.com)
Modified 2004-05-20T12:47:13

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a specially crafted web page is accessed, which causes a disk image file (.dmg) to be mounted as a disk volume, and malicious code to be executed. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a specially crafted web page is accessed, which causes a disk image file (.dmg) to be mounted as a disk volume, and malicious code to be executed. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

References:

Security Tracker: 1010167 Secunia Advisory ID:11689 Secunia Advisory ID:11622 Other Advisory URL: http://docs.info.apple.com/article.html?artnum=61798 Other Advisory URL: http://fundisom.com/owned/warning ISS X-Force ID: 16227 CVE-2004-0485 CERT VU: 210606 Bugtraq ID: 10401