CVE-2008-2321

CoreGraphics - Remote Code Execution or Denial of Service via Argument Processing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2321. PoCs published by Michal Zalewski.

AI-analyzed exploit summary This is a fuzzer for CVE-2008-2321, targeting memory corruption vulnerabilities in the CoreGraphics component of Mac OS X. It tests various canvas operations to trigger potential exploits or denial-of-service conditions.

Description

Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Michal Zalewski · htmldososx

https://www.exploit-db.com/exploits/32136

View Code ZIP pw:eip

This is a fuzzer for CVE-2008-2321, targeting memory corruption vulnerabilities in the CoreGraphics component of Mac OS X. It tests various canvas operations to trigger potential exploits or denial-of-service conditions.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Apple Mac OS X v10.4.11 and prior, Mac OS X Server v10.4.11 and prior, Mac OS X v10.5.4 and prior, Mac OS X Server v10.5.4 and prior

No auth needed

Prerequisites: A vulnerable version of Mac OS X with a browser that supports the canvas element

MITRE ATT&CK