CVE-2006-6353
Description
Mac OS X BOMArchiveHelper crashes when opening a crafted archive, enabling remote denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
BOMArchiveHelper in Mac OS X contains multiple unspecified vulnerabilities that cause the application to crash when it processes a crafted archive file. The crashes manifest as KERN_PROTECTION_FAILURE and KERN_INVALID_ADDRESS thread failures. They were discovered through fuzzing with the iSec Partners FileP fuzzer. Affected versions are not explicitly listed, but the vulnerability pertains to Mac OS X systems using BOMArchiveHelper up to the time of disclosure (December 2006) [1].
Exploitation
The attacker must convince a user to open a specially crafted archive file (user-assisted remote attack). No further authentication is required; the crash occurs upon file parsing within BOMArchiveHelper [1].
Impact
Successful exploitation causes the application to crash, resulting in a denial of service (temporary unavailability). There is no indication of code execution or data compromise; the impact is limited to application instability [1].
Mitigation
No official patch or fix has been identified in the available references. As of the publication date (December 2006), users should avoid opening untrusted archive files in applications that rely on BOMArchiveHelper, or use alternative archive utilities. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:apple:bomarchivehelper:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
- (no CPE)
- cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- security-protocols.com/2006/12/04/bomarchivehelper-needs-some-lovin/ (nvd: Exploit, Vendor Advisory)
- www.securityfocus.com/bid/21446 (nvd: Vendor Advisory)