Check Point Advisories

Update Protection against Apple Mac OS X GIF Image Remote Code Execution Vulnerability

Check Point Reference:	CPAI-2007-059
Date Published:	13 May 2007
Severity:	High
Last Updated:	Monday 01 January, 2007
Source:	Secunia Advisory: SA24479
Industry Reference:	CVE-2007-1071
Protection Provided by:
Who is Vulnerable?	Apple Mac OS X version 10.4.8
Vulnerability Description	An integer overflow vulnerability exists in ImageIO in Apple Mac OS X. an attacker can exploit this issue via a malformed GIF image. GIF (Graphics Interchange Format) is a popular image format. By convincing a user to visit a specially crafted HTML documents or open a malicious web page, a remote attacker could cause denial of service and may execute arbitrary code on an affected system.
Update/Patch Avaliable	Apply updates: Apple
Vulnerability Details	This vulnerability is due to an error in the 'gifGetBandProc' function in ImageIO when processing malformed GIF files. An attacker could trigger this flaw via a specially crafted GIF image. Successful exploitation may allow the attacker to execute arbitrary code on a target system.