PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
Proof of Concept code exploiting the MacOS X 10.5/10.6 libc/strtod(3) buffer overflow CVE-2009-0689 vulnerability has been released. The list of vulnerable software includes FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, as well as MacOS X 10.5/10.6. Impact includes Denial of Service (DoS) or execution of arbitrary code. This is remotely or locally exploitable, and does not require user interaction.
From NVD:
CVSS Severity (version 2.0):
CVSS v2 Base Score:6.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type:Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
Comments