{"vuid":"VU#240880","idnumber":"240880","name":"Apple Mac OS X Finder DMG volume name buffer overflow","keywords":["Apple","Mac OS X","Finder","buffer overflow","memory corruption","DMG","volume name","Apple-2007-002"],"overview":"Apple Mac OS X Finder fails to properly handle DMG files with large volume names, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.","clean_desc":"DMG files are disk images that can contain a variety of filesystems. Apple Mac OS X Finder contains a buffer overflow vulnerability in the handling of DMG volume names. Specifically, a DMG file with a volume name of more than 255 bytes can trigger memory corruption. Note that by default, Safari will automatically mount DMG files that are referenced in web pages.","impact":"By convincing a user to mount a specially-crafted DMG file, such as by viewing a web page with Safari, a remote, unauthenticated attacker may be able to execute code with the privileges of the user or cause a denial-of-service condition.","resolution":"Apply an update\nThis issue is addressed in Apple Security Update 2007-002.","workarounds":"Disable \"Open 'safe' files after downloading\" Disable the option \"Open 'safe' files after downloading,\" as specified in the Securing Your Web Browser document. This will help prevent automatic exploitation of this and other vulnerabilities.","sysaffected":"","thanks":"This vulnerability was publicly disclosed by LMH.","author":"This document was written by Will Dormann.","public":["http://projects.info-pull.com/moab/MOAB-09-01-2007.html","http://docs.info.apple.com/article.html?artnum=305102","http://secunia.com/advisories/24198/","http://securitytracker.com/alerts/2007/Feb/1017662.html","http://www.securityfocus.com/bid/21980"],"cveids":["CVE-2007-0197"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-01-10T12:58:05Z","publicdate":"2007-01-09T00:00:00Z","datefirstpublished":"2007-02-16T20:28:03Z","dateupdated":"2007-02-23T14:05:16Z","revision":11,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"19","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"12","cam_impact":"13","cam_easeofexploitation":"9","cam_attackeraccessrequired":"17","cam_scorecurrent":"10.293075","cam_scorecurrentwidelyknown":"10.7406","cam_scorecurrentwidelyknownexploited":"19.6911","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":10.293075,"vulnote":null}