CVE-2005-0342

Mac OS X - Arbitrary File Overwrite and Privilege Escalation via .DS_Store Hard Link


Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0342. PoCs published by vade79.

AI-analyzed exploit summary: This exploit leverages a vulnerability in macOS Finder's handling of .DS_Store files to overwrite /etc/crontab via a symlink, ultimately modifying /etc/sudoers to grant root privileges. It requires root user interaction with the crafted directory in Finder.

Description

The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by vade79 · perl · local · osx
https://www.exploit-db.com/exploits/793

Classification: Working PoC (95%)
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: macOS Finder (versions affected by CVE-2005-0342)
No auth needed
Prerequisites: Access to a macOS system with vulnerable Finder · Root user must interact with the crafted directory via Finder
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14188
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12458
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19253
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110780124707975&w=2

Scores

EPSS 0.0094
EPSS Percentile 56.2%

Details

Status published
Products (50)
apple/mac_os_x 10.0
apple/mac_os_x 10.0.1
apple/mac_os_x 10.0.2
apple/mac_os_x 10.0.3
apple/mac_os_x 10.0.4
apple/mac_os_x 10.1
apple/mac_os_x 10.1.1
apple/mac_os_x 10.1.2
apple/mac_os_x 10.1.3
apple/mac_os_x 10.1.4
... and 40 more
Published May 02, 2005
Tracked Since Feb 18, 2026