Overview
A vulnerability in the way Apple Help Viewer handles specially crafted URLs may allow an attacker to execute arbitrary code or cause a denial of service.
Description
According to Apple Security Update 2008-003: An integer underflow in Help Viewer's handling of help:topic URLs may result in a buffer overflow. Accessing a malicious help:topic URL may lead to an unexpected application termination or arbitrary code execution. Note that this issue affects systems running Mac OS X prior to version 10.5.
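The bug class named above, as an added example that is not Apple's code and not part of the advisory: the advisory gives no details of the flaw, so the prefix handling, function names and buffer size below are assumptions chosen to show how an underflowed length slips past a signed bound check, next to a checked form that rejects it. The flawed function only computes the length a copy would receive; it performs no copy.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed prefix for illustration; the advisory does not give the URL layout. */
#define PREFIX "help:topic"
#define PREFIX_LEN (sizeof(PREFIX) - 1)

/* Flawed pattern: returns the byte count a memcpy() would be given for a URL
 * of url_len bytes, or 0 if the bound check rejects it. No copy is performed. */
size_t unsafe_copy_len(size_t url_len, size_t out_size) {
    int n = (int)url_len - (int)PREFIX_LEN; /* negative if URL is shorter than prefix */
    if (n >= (int)out_size)                 /* signed check: a negative n passes */
        return 0;
    return (size_t)n;                       /* -6 becomes SIZE_MAX - 5 */
}

/* Checked form: validate length and prefix before subtracting, stay unsigned. */
int copy_topic_checked(const char *url, char *out, size_t out_size) {
    size_t len = strlen(url);
    if (out_size == 0 || len < PREFIX_LEN || memcmp(url, PREFIX, PREFIX_LEN) != 0)
        return -1;
    size_t n = len - PREFIX_LEN;            /* cannot wrap: len >= PREFIX_LEN */
    if (n >= out_size)                      /* leave room for the terminator */
        return -1;
    memcpy(out, url + PREFIX_LEN, n);
    out[n] = '\0';
    return 0;
}

int main(void) {
    char buf[16];
    /* Constructed inputs: too short, well-formed, too long for buf. */
    const char *samples[] = { "help", "help:topic/abc", "help:topic/0123456789abcdef" };
    for (size_t i = 0; i < 3; i++) {
        size_t len = strlen(samples[i]);
        printf("%-30s unsafe len=%zu checked=%d\n", samples[i],
               unsafe_copy_len(len, sizeof buf),
               copy_topic_checked(samples[i], buf, sizeof buf));
    }
    return 0;
}
```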
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service.
Solution
Apply Update
Acknowledgements
This issue was reported in Apple Security Update 2008-003. Apple credits Paul Haddad of PTH with reporting this issue.
This document was written by Chris Taschner.
Other Information
CVE IDs: CVE-2008-1034
Severity Metric: 8.68
Date Public: 2008-05-28
Date First Published: 2008-05-29
Date Last Updated: 2008-05-29 19:01 UTC
Document Revision: 6