Short Name |
HTTP:STC:DL:APPLE-PICT |
---|---|
Severity |
Major |
Recommended |
No |
Category |
HTTP |
Keywords |
Apple QuickDraw PICT Images ARGB Records Handling Memory Corruption |
Release Date |
2007/02/16 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in Apple Quickdraw. An attacker can create a malicious Web page containing dangerous PICT images; when opened by a victim, the attacker can cause a denial-of-service condition with the possibility of remote code execution.
Mac OS X QuickDraw is prone to a remote memory-corruption vulnerability because the software fails to properly handle malformed PICT image files. Successfully exploiting this issue allows remote attackers to corrupt memory and crash the affected software. Attackers may also be able to execute arbitrary machine code, but this has not been confirmed. Mac OS X 10.4.8 is vulnerable to this issue; other versions are also likely affected, since the vulnerable component has been included in Apple operating systems since System 6.0.4