CVE-2007-0023

EPSS 1.5%

The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/3181unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://docs.info.apple.com/article.html?artnum=305102 http://lists.apple.com/archives/Security-announce/2007/Feb/msg00000.html http://projects.info-pull.com/moab/MOAB-22-01-2007.html http://secunia.com/advisories/23846 http://secunia.com/advisories/24198 http://securitytracker.com/id?1017542 https://exchange.xforce.ibmcloud.com/vulnerabilities/31676 http://www.kb.cert.org/vuls/id/315856 http://www.osvdb.org/32695 http://www.securityfocus.com/bid/22188 http://www.us-cert.gov/cas/techalerts/TA07-047A.html http://www.vupen.com/english/advisories/2007/0074