Mac OS X LaunchServices Code Execution

2004-06-07T00:00:00
ID OSVDB:8433
Type osvdb
Reporter OSVDB
Modified 2004-06-07T00:00:00

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when LaunchServices automatically registers applications to use when opening unregistered file types, without prompting the user. With a specially crafted file and application, an attacker could trick a user into opening and executing a malicious program. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

References:

Vendor Specific Advisory URL
Security Tracker: 1010414
Secunia Advisory ID: 11689
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-06/0094.html
Keyword: APPLE-SA-2004-06-07
ISS X-Force ID: 16344
CVE-2004-0538
Bugtraq ID: 10486