HTTP: Apple Computer Finder DMG Volume Name Memory Corruption
This signature detects attempts to exploit a vulnerability in the Apple Computer Mac OSX Finder application. By supplying a specially crafted DMG file, an attacker can cause arbitrary code to be executed on the victim host.
Extended Description
Apple Mac OS X Finder is prone to a memory-corruption vulnerability. This issue occurs when the application fails to handle overly long DMG volume names. Due to the nature of this issue, an attacker may be able to execute arbitrary machine code in the context of the affected application, but this has not been confirmed. Failed exploit attempts result in memory corruption and a crash of the application, denying service to legitimate users. Finder 10.4.6 on Mac OS X 10.4.8 X86 is vulnerable to this issue; other versions may also be affected.
Affected Products
Apple mac_os_x_server
References
BugTraq: 21980
CVE: CVE-2007-0197
URL: http://projects.info-pull.com/moab/MOAB-09-01-2007.html
Short Name
HTTP:STC:DL:APPLE-DMG-VOLNAME
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apple CVE-2007-0197 Computer Corruption DMG Finder Memory Name Volume bid:21980
Release Date
09/29/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Apple
CVSS Score
6.8