Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1398

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2004-1398
Last Modified 05 Sep 2008 04:41:15
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-1398

Summary

Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format string specifiers in the extension argument.

Vulnerable Systems

Application

  • Roxio Toast


References

XF - roxio-toast-tdixsupport-format-string(18472)

BID - 20031

BID - 11926

MISC - http://www.netragard.com/pdfs/research/apple-kext-tools-20060822.txt

BUGTRAQ - 20041214 Possible local root vulnerability in Roxio Toast on Mac OS X

FULLDISC - 20060913 [NETRAGARD-20060822 SECURITY ADVISORY] [ APPLE COMPUTER CORPORATION KEXTLOAD VULNERABILITY + ROXIO TOAST TITANUM 7 HELPER APP - LOCAL ROOT COMROMISE]


Last Updated: 27 May 2016 10:39:01