Signature Detail
Short Name |
HTTP:STC:DL:APPLE-DMG-VOLNAME |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apple Computer Finder DMG Volume Name Memory Corruption |
Release Date |
2010/09/29 |
Update Number |
1782 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Apple Computer Finder DMG Volume Name Memory Corruption
This signature detects attempts to exploit a vulnerability in the Apple Computer Mac OSX Finder application. By supplying a specially crafted DMG file, an attacker can cause arbitrary code to be executed on the victim host.
Extended Description
Apple Mac OS X Finder is prone to a memory-corruption vulnerability. This issue occurs when the application fails to handle overly long DMG volume names. Due to the nature of this issue, an attacker may be able to execute arbitrary machine code in the context of the affected application, but this has not been confirmed. Failed exploit attempts result in memory corruption and a crash of the application, denying service to legitimate users. Finder 10.4.6 on Mac OS X 10.4.8 X86 is vulnerable to this issue; other versions may also be affected.
Affected Products
- Apple Mac OS X 10.4.8
- Apple Mac OS X Server 10.4.8
References
- BugTraq: 21980
- CVE: CVE-2007-0197
- URL: http://projects.info-pull.com/moab/MOAB-09-01-2007.html