Back to search
CVE-2007-0023
Published: Jan 24, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
32695
vdb-entry
x_refsource_OSVDB
APPLE-SA-2007-02-15
vendor-advisory
x_refsource_APPLE
TA07-047A
third-party-advisory
x_refsource_CERT
24198
third-party-advisory
x_refsource_SECUNIA
http://docs.info.apple.com/article.html?artnum=305102
x_refsource_CONFIRM
macos-inputmanager-privilege-escalation(31676)
vdb-entry
x_refsource_XF
1017542
vdb-entry
x_refsource_SECTRACK
VU#315856
third-party-advisory
x_refsource_CERT-VN
http://projects.info-pull.com/moab/MOAB-22-01-2007.html
x_refsource_MISC
23846
third-party-advisory
x_refsource_SECUNIA
ADV-2007-0074
vdb-entry
x_refsource_VUPEN
22188
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now