CVE-2005-0713

Mac OS X <10.3.8 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0713. PoCs published by V9.

AI-analyzed exploit summary This exploit leverages a buffer overflow in the Core Foundation library (CVE-2005-0713) to execute arbitrary code with elevated privileges. It manipulates the `CF_CHARSET_PATH` environment variable to trigger the vulnerability in the `/usr/bin/su` binary, requiring user interaction (pressing ENTER at the password prompt).

Description

The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges.

Exploits (1)

exploitdb WORKING POC VERIFIED
by V9 · clocalosx
https://www.exploit-db.com/exploits/25256

This exploit leverages a buffer overflow in the Core Foundation library (CVE-2005-0713) to execute arbitrary code with elevated privileges. It manipulates the `CF_CHARSET_PATH` environment variable to trigger the vulnerability in the `/usr/bin/su` binary, requiring user interaction (pressing ENTER at the password prompt).

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Apple Mac OS X and OS X Server version 10.3.8 (and possibly earlier versions)
No auth needed
Prerequisites: Local access to the target system · Presence of the vulnerable Core Foundation library
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html

Scores

EPSS 0.0056
EPSS Percentile 41.9%

Details

Status published
Products (17)
apple/mac_os_x 10.3
apple/mac_os_x 10.3.1
apple/mac_os_x 10.3.2
apple/mac_os_x 10.3.3
apple/mac_os_x 10.3.4
apple/mac_os_x 10.3.5
apple/mac_os_x 10.3.6
apple/mac_os_x 10.3.7
apple/mac_os_x 10.3.8
apple/mac_os_x_server 10.3
... and 7 more
Published Mar 21, 2005
Tracked Since Feb 18, 2026