CVE-2008-2304

Apple Core Image Fun House < 2.0 - Buffer Overflow via String XML Element

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2304. PoCs published by Adriel T. Desautels.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in Core Image Fun House by crafting a malicious XML file with an oversized string. The payload overwrites the return address to achieve arbitrary code execution.

Description

Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreImage Examples in Xcode tools before 3.1 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a .funhouse file with a string XML element that contains many characters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Adriel T. Desautels · rubydososx
https://www.exploit-db.com/exploits/6043

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Core Image Fun House (Apple)
No auth needed
Prerequisites: Victim must open the malicious .funhouse file
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43733
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3988
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce//2008/Jul/msg00002.html
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6043
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT2352
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2093/references
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31060
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/494230/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30189
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020472

Scores

EPSS 0.0568
EPSS Percentile 92.0%

Details

CWE: CWE-119
Status: published
Products (1): apple/core_image_fun_house < 2.0
Published: Jul 14, 2008
Tracked Since: Feb 18, 2026