Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4866 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple MAC OS X

3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.2%

top 58.85%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedSep 19

Latest updateMay 1

Description

Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶NVDapple/mac_os_x38 versions+37

▶NVDapple/mac_os_x_server34 versions+33

🔴Vulnerability Details

GHSA

GHSA-42r6-9v7j-fvrx: Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute a↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

Apple Mac OSX 10.x - KExtLoad Buffer Overflow↗2006-09-14

▶