{"vuid":"VU#435188","idnumber":"435188","name":"Apple Mac OS X AppKit vulnerable to buffer overflow via the handling of maliciously crafted rich text files","keywords":["Apple","Mac OS X","AppKit","buffer overflow","arbitrary code execution","maliciously crafted","rich text files","2005-007","apple_security_update_2005_007"],"overview":"A buffer overflow vulnerability exists in a component of Apple's Mac OS X operating system that handles rich text files.","clean_desc":"The Cocoa Application Framework (also referred to as the Application Kit, or AppKit) is one of the core Cocoa frameworks supplied with Apple's Mac OS X operating system. It provides functionality and associated application program interfaces (APIs) for applications, including objects for graphical user interfaces (GUIs), event-handling mechanisms, application services, and drawing and image composition facilities. A buffer overflow exists in the AppKit component designed to handle rich text (.rtf) files. This vulnerability affects applications that use AppKit (such as TextEdit) to open .rtf files. A maliciously crafted .rtf file could be used to execute arbitrary code on a vulnerable system.","impact":"An attacker with the ability to supply a maliciously crafted .rtf file could execute arbitrary code on a vulnerable system. The attacker-supplied code would be executed with the privileges of the user opening the malicious file.","resolution":"Apply a patch Apple has released a patch to address this issue and other security issues in Security Update 2005-007. Users are encouraged to apply the patches from this update.","workarounds":"","sysaffected":"","thanks":"Thanks to Apple Product Security for reporting this vulnerability.","author":"This document was written by Chad R Dougherty based on information supplied by Apple.","public":["http://secunia.com/advisories/16449/","http://www.auscert.org.au/5391","http://www.ciac.org/ciac/bulletins/p-276.shtml"],"cveids":["CVE-2005-2501"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-08-16T18:18:01Z","publicdate":"2005-08-15T00:00:00Z","datefirstpublished":"2005-08-17T17:02:16Z","dateupdated":"2005-08-18T19:41:16Z","revision":11,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"15","cam_impact":"17","cam_easeofexploitation":"12","cam_attackeraccessrequired":"15","cam_scorecurrent":"15.49125","cam_scorecurrentwidelyknown":"19.794375","cam_scorecurrentwidelyknownexploited":"37.006875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":15.49125,"vulnote":null}