Apple Mac OS X QuickDraw InternalUnpackBits Remote Memory Corruption Vulnerability
BID:22228
Info
| Bugtraq ID: | 22228 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-0588 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 25 2007 12:00AM |
| Updated: | Mar 15 2007 03:34AM |
| Credit: | This issue was discovered by Tom Ferris. |
| Vulnerable: | Apple Mac OS X Server 10.4.8; Apple Mac OS X 10.4.8 |
| Not Vulnerable: | Apple Mac OS X Server 10.4.9; Apple Mac OS X 10.4.9 |
Discussion
Mac OS X QuickDraw is prone to a remote memory-corruption vulnerability because the software fails to properly handle malformed PICT image files.
Successfully exploiting this issue allows remote attackers to corrupt memory and to crash the affected software. Attackers may also be able to execute arbitrary machine code, but this has not been confirmed.
Mac OS X 10.4.8 is vulnerable to this issue; other versions are also likely affected, since the vulnerable component has been included in Apple operating systems since System 6.0.4.
Exploit / POC
Attackers can exploit this issue by enticing victims into opening a maliciously crafted PICT file.
Solution / Fix
Solution:
The vendor has released Mac OS X v10.4.9 to address this issue; please see the reference section for details.
Apple Mac OS X Server 10.4.8
- Apple Mac OS X v10.4.9 http://www.apple.com/support/downloads/
Apple Mac OS X 10.4.8
- Apple Mac OS X v10.4.9 http://www.apple.com/support/downloads/
References
References:
- Mac OS X Homepage (Apple)
- Apple OS X QuickDraw 'InternalUnpackBits' Memory Corruption (Security-Protocols)
- Vulnerability Note VU#396820 - Apple QuickDraw Manager heap buffer overflow vuln (US-CERT)