Overview
Apple Mac OS X Finder fails to properly handle DMG files with large volume names, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description
DMG files are disk images that can contain a variety of filesystems. Apple Mac OS X Finder contains a buffer overflow vulnerability in the handling of DMG volume names. Specifically, a DMG file with a volume name of more than 255 bytes can trigger memory corruption. Note that by default, Safari will automatically mount DMG files that are referenced in web pages. |
Impact
By convincing a user to mount a specially-crafted DMG file, such as by viewing a web page with Safari, a remote, unauthenticated attacker may be able to execute code with the privileges of the user or cause a denial-of-service condition. |
Solution
Apply an update This issue is addressed in Apple Security Update 2007-002. |
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was publicly disclosed by LMH.
This document was written by Will Dormann.
Other Information
| CVE IDs: | CVE-2007-0197 |
| Severity Metric: | 10.29 |
| Date Public: | 2007-01-09 |
| Date First Published: | 2007-02-16 |
| Date Last Updated: | 2007-02-23 14:05 UTC |
| Document Revision: | 11 |