CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.6%
Apple Mac OS X Finder fails to properly handle DMG files with large volume names, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
DMG files are disk images that can contain a variety of filesystems. Apple Mac OS X Finder contains a buffer overflow vulnerability in the handling of DMG volume names. Specifically, a DMG file with a volume name of more than 255 bytes can trigger memory corruption. Note that by default, Safari will automatically mount DMG files that are referenced in web pages.
By convincing a user to mount a specially-crafted DMG file, such as by viewing a web page with Safari, a remote, unauthenticated attacker may be able to execute code with the privileges of the user or cause a denial-of-service condition.
Apply an update
This issue is addressed in Apple Security Update 2007-002.
Disable “Open ‘safe’ files after downloading”
Disable the option “Open ‘safe’ files after downloading,” as specified in the Securing Your Web Browser document. This will help prevent automatic exploitation of this and other vulnerabilities.
240880
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: February 16, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Apple Security Update 2007-002.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23240880 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was publicly disclosed by LMH.
This document was written by Will Dormann.
CVE IDs: | CVE-2007-0197 |
---|---|
Severity Metric: | 10.29 Date Public: |