CVE-2006-5710

macOS 10.4.8 - Remote Code Execution via Malformed 802.11 Probe Response Frame

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5710. PoCs published by H D Moore.

AI-analyzed exploit summary This is a working proof-of-concept exploit for CVE-2006-5710, targeting a memory corruption vulnerability in the Apple Airport driver for Orinoco-based cards. It sends malformed probe response frames to trigger arbitrary code execution in the kernel.

Description

The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header, which triggers a heap-based buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED

by H D Moore · rubydoshardware

https://www.exploit-db.com/exploits/2700

View Code ZIP pw:eip

This is a working proof-of-concept exploit for CVE-2006-5710, targeting a memory corruption vulnerability in the Apple Airport driver for Orinoco-based cards. It sends malformed probe response frames to trigger arbitrary code execution in the kernel.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apple Airport driver (Orinoco-based cards, 1999-2003 PowerBooks, iMacs) on macOS 10.4.8

No auth needed

Prerequisites: Target system with vulnerable Apple Airport driver · Target system in active scanning mode

MITRE ATT&CK