CVE-2007-0236

Apple Mac OS X 10.4.8 - Remote Code Execution via Crafted AppleTalk Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0236. PoCs published by MoAB.

AI-analyzed exploit summary This PoC exploits an integer overflow in the AppleTalk protocol handler (CVE-2007-0236) by passing a large buffer with manipulated length parameters to the ATPsndrsp function, leading to a kernel panic. It demonstrates the vulnerability but does not achieve arbitrary code execution.

Description

Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED

by MoAB · cdososx

https://www.exploit-db.com/exploits/3130

View Code ZIP pw:eip

This PoC exploits an integer overflow in the AppleTalk protocol handler (CVE-2007-0236) by passing a large buffer with manipulated length parameters to the ATPsndrsp function, leading to a kernel panic. It demonstrates the vulnerability but does not achieve arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: AppleTalk protocol handler in macOS (pre-2007)

No auth needed

Prerequisites: AppleTalk protocol enabled · AF_APPLETALK socket access

MITRE ATT&CK