SMTP: Apple QuickDraw PICT Images ARGB Records Handling Memory Corruption
This signature detects attempts to exploit a known vulnerability in Apple Quickdraw. A successful attack can lead to a arbitrary remote code execution within the context of the affected application.
Extended Description
Mac OS X QuickDraw is prone to a remote memory-corruption vulnerability because the software fails to properly handle malformed PICT image files. Successfully exploiting this issue allows remote attackers to corrupt memory and crash the affected software. Attackers may also be able to execute arbitrary machine code, but this has not been confirmed. Mac OS X 10.4.8 is vulnerable to this issue; other versions are also likely affected, since the vulnerable component has been included in Apple operating systems since System 6.0.4
Affected Products
Apple mac_os_x_server
Short Name
SMTP:OVERFLOW:APPLE-PICT-MC
Severity
Major
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
ARGB Apple CVE-2007-0462 Corruption Handling Images Memory PICT QuickDraw Records bid:22207
Release Date
02/26/2013
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Apple
CVSS Score
10.0