Apple Mac OS X Podcast Producer Access Validation Vulnerability

Bugtraq ID:	39278
Class:	Access Validation Error
CVE:	CVE-2010-0511
Remote:	Yes
Local:	No
Published:	Mar 29 2010 12:00AM
Updated:	Mar 29 2010 12:00AM
Credit:	Apple
Vulnerable:	Apple Mac OS X Server 10.6.2 Apple Mac OS X Server 10.6.1 Apple Mac OS X Server 10.6
Not Vulnerable:	Apple Mac OS X Server 10.6.3

Apple Mac OS X Podcast Producer Access Validation Vulnerability

Apple Mac OS X is prone to an access-validation vulnerability in the Podcast Producer component.

Attackers can exploit this issue to access affected Podcast Composer workflows; this may aid in further attacks.

Versions of Mac OS X Server 10.6 through 10.6.2 are vulnerable.

NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.

Apple Mac OS X Podcast Producer Access Validation Vulnerability

An attacker can exploit this issue by enticing an unsuspecting victim to overwrite the Podcast composer workflow.

Apple Mac OS X Podcast Producer Access Validation Vulnerability

Solution:
Updates are available to address this issue. Please see the references for more information.


Apple Mac OS X Server 10.6

• Apple MacOSXServerUpdCombo10.6.3.dmg
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.6.1

• Apple MacOSXServerUpdCombo10.6.3.dmg
  http://www.apple.com/support/downloads/

Apple Mac OS X Podcast Producer Access Validation Vulnerability

References:

• Cisco TelePresence Video Communication Server (VCS) Homepage (Cisco)