[Original text] Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format string specifiers in the extension argument.
Local Access Required,
Local / Remote,
Loss of Integrity
Toast contains a flaw that may allow a local malicious user to execute arbitrary code. The issue is triggered when a malicious user supplies a specially crafted argument on the command line. The flaw may allow execution of arbitrary code, resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.