The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 loads dynamic libraries even if the client application has not directly requested it, which allows malicious users to execute arbitrary code from an untrusted bundle.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple mac os x 10.3.9 |
||
apple mac os x 10.4.6 |