CERT Coordination Center

Apple Help Viewer vulnerable to buffer overflow

Vulnerability Note VU#566875

Original Release Date: 2008-05-29 | Last Revised: 2008-05-29

Overview

A vulnerability in the way Apple Help Viewer handles specially crafted URLs may allow an attacker to execute arbitrary code or cause a denial of service.

Description

According to Apple Security Update 2008-003:


    An integer underflow in Help Viewer's handling of help:topic URLs may result in a buffer overflow. Accessing a malicious help:topic URL may lead to an unexpected application termination or arbitrary code execution.

Note that this issue affects systems running Mac OS X prior to version 10.5.
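The following C program is an added illustration of the bug class named above. It is not Apple's code, and the advisory does not describe Help Viewer's implementation. It shows how an unchecked unsigned length subtraction wraps to a huge value, beside a version that validates first. The function names, buffer sizes and the sample string are assumptions; only the `help:topic` scheme text comes from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Scheme text from the advisory; the parsing logic below is assumed. */
#define PREFIX     "help:topic"
#define PREFIX_LEN (sizeof(PREFIX) - 1)

/* Flawed pattern: unsigned subtraction with no lower-bound check.
 * When url_len < PREFIX_LEN the result wraps to a value near SIZE_MAX,
 * which a later copy would treat as the number of bytes to move. */
size_t topic_len_unchecked(size_t url_len)
{
    return url_len - PREFIX_LEN;
}

/* Hardened pattern: validate before subtracting, then bound the copy.
 * Returns 0 on success, -1 if the input is rejected. */
int copy_topic_checked(const char *url, size_t url_len,
                       char *out, size_t out_cap)
{
    if (url == NULL || out == NULL || out_cap == 0)
        return -1;
    if (url_len < PREFIX_LEN)                   /* subtraction would wrap */
        return -1;
    if (memcmp(url, PREFIX, PREFIX_LEN) != 0)   /* wrong scheme */
        return -1;
    size_t n = url_len - PREFIX_LEN;            /* cannot underflow here */
    if (n >= out_cap)                           /* keep room for the NUL */
        return -1;
    memcpy(out, url + PREFIX_LEN, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char buf[16];
    const char *ok = "help:topic/example";      /* constructed input */
    printf("unchecked length for 4-byte input: %zu\n", topic_len_unchecked(4));
    printf("short input -> %d\n", copy_topic_checked("help", 4, buf, sizeof buf));
    printf("valid input -> %d\n", copy_topic_checked(ok, strlen(ok), buf, sizeof buf));
    return 0;
}
```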

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service.

Solution

Apply Update
This issue is addressed in Apple Security Update 2008-003. An update for Mac OS X is available on Apple Downloads and via Software Update.

Acknowledgements

This issue was reported in Apple Security Update 2008-003. Apple credits Paul Haddad of PTH with reporting this issue.

This document was written by Chris Taschner.

Other Information

CVE IDs: CVE-2008-1034
Severity Metric: 8.68
Date Public: 2008-05-28
Date First Published: 2008-05-29
Date Last Updated: 2008-05-29 19:01 UTC
Document Revision: 6

Sponsored by CISA.