2 matches found
CVE-2011-0178
CVE-2011-0178 concerns the CarbonCore FSFindFolder API on Mac OS X prior to 10.6.7. When called with the kTemporaryFolderType flag, FSFindFolder returns a world-readable directory, enabling a local attacker to access potentially sensitive information via this directory. The core issue is an infor...
CVE-2008-2320
CVE-2008-2320 is a stack-based buffer overflow in CarbonCore used by Apple Mac OS X (10.4.11 and 10.5.4), iPhone OS 1.0–2.2.1, and iPod touch OS 1.1–2.2.1. The flaw allows context-dependent attackers to execute arbitrary code or cause an application crash by providing a long filename to the file ...