Title: Apple Mac OS X Libsystem strptime API Crafted Date String Memory Corruption
Dec 15, 2008
A memory corruption flaw exists in Mac OS X. The strptime API fails to validate date strings resulting in memory corruption. With a specially crafted date string, an attacker can cause arbitrary code execution resulting in a loss of integrity.
Local / Remote,
Loss of Integrity
Upgrade to version 10.5.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.