CVE-2008-2304

Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreImage Examples in Xcode tools before 3.1 allows user-assisted attackers to execute arbitrary code or cause a denial of service application crash via a .funhouse file with a string XML element that contains many characters...

Apple Xcode工具.funhouse文件XML数据处理缓冲区溢出漏洞

BUGTRAQ ID: 30189 CVECAN ID: CVE-2008-2304 Xcode是苹果机器上所使用的开发工具。 Xcode工具中包含有名为Core Image Fun House的示例应用程序，用于处理带有.funhouse扩展名的内容。Funhouse应用没有正确地解析XML数据，如果用户受骗打开了特制的.funhouse文件的话，就可能触发缓冲区溢出。以下是负责解析上述文件的代码： // render origin handles using AppKit directly - - CIImage drawPoints:CIImage im ... NSString...

Core Image Fun House <= 2.0 Arbitrary Code Execution PoC (OSX)

No description provided by source. !/usr/bin/ruby Copyright c Netragard, LLC. [email protected] /Developer/Applications/Graphics Tools/Core Image Fun House.app /Contents/MacOS/Core Image Fun House gdb x/10s 0xbfffddf7 0xbfffddf7: 'Z' repeats 101 times, "DCBA center" 2007-07-10 21:15:34.573 Cor...

Unfixed XSS vulnerability at funhouse.bubble.ro

Security researcher Hotpockets, has submitted on 17/05/2007 a cross-site-scripting XSS vulnerability affecting funhouse.bubble.ro, which at the time of submission ranked 30795 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 17/05/2007. It is...