Software operating in a MAC OS environment, where .DS_Store is in effect, must carefully manage hard links, otherwise an attacker may be able to leverage a hard link from .DS_Store to overwrite arbitrary files and gain privileges. 631 699 Category ChildOf 70 1000 Weakness ChildOf 66 1000 Weakness PeerOf 62 888 Category ChildOf 893 This entry, which originated from PLOVER, probably stems from a common manipulation that is used to exploit symlink and hard link following weaknesses, like /etc/passwd is often used for UNIX-based exploits. As such, it is probably too low-level for inclusion in CWE. Architecture and Design Implementation Operation Confidentiality Integrity Read files or directories Modify files or directories BUGTRAQ:20010910 More security problems in Apache on Mac OS X CVE-2005-0342 The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file. http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0342 Under-studied DS - Apple '.DS_Store 18 19 199 244 32 63 86 91 PLOVER Eric Dalci Cigital 2008-07-01 updated Time_of_Introduction CWE Content Team MITRE 2008-09-08 updated Relationships, Taxonomy_Mappings CWE Content Team MITRE 2008-10-14 updated Maintenance_Notes CWE Content Team MITRE 2009-03-10 updated Related_Attack_Patterns CWE Content Team MITRE 2011-06-01 updated Common_Consequences CWE Content Team MITRE 2012-05-11 updated Related_Attack_Patterns, Relationships