CVE-2007-0197
Finder 10.4.6 on Mac OS X 10.4.8 - DoS and RCE via Long Volume Name in DMG
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-0197. PoCs published by MoAB.
AI-analyzed exploit summary: This exploit creates a malformed DMG file with an overly long volume name to trigger a buffer overflow in macOS's hdiutil, leading to potential arbitrary code execution. The PoC demonstrates the vulnerability by generating a DMG with a 255-character random volume name.
Description
Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.