Overview
Apple's UserNotificationCenter contains a vulnerability that may allow local users to gain elevated privileges.
Description
The Apple UserNotificationCenter contains a privilege escalation vulnerability. This vulnerability occurs because the Apple UserNotificationCenter runs with elevated privileges while operating on input submitted by users with normal privileges. |
Impact
A user with valid login credentials may be able to run commands or modify system files with elevated privileges. |
Solution
Apply an update |
Vendor Information
315856
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://docs.info.apple.com/article.html?artnum=305102
- http://developer.apple.com/documentation/CoreFoundation/Reference/CFUserNotificationRef/Reference/reference.html
- http://projects.info-pull.com/moab/MOAB-22-01-2007.html
- http://www.cocoadev.com/index.pl?InputManager
- http://secunia.com/advisories/23846/
- http://www.securityfocus.com/bid/22188
- http://secunia.com/advisories/24198/
Acknowledgements
LMH published this vulnerability on the Month of Apple Bugs website.
This document was written by Ryan Giobbi.
Other Information
| CVE IDs: | CVE-2007-0023 |
| Severity Metric: | 1.49 |
| Date Public: | 2007-01-23 |
| Date First Published: | 2007-02-19 |
| Date Last Updated: | 2007-02-19 16:19 UTC |
| Document Revision: | 23 |