Lucene search

MitreCVE-2007-0463

HistoryJan 29, 2007 - 4:28 p.m.

CVE-2007-0463

2007-01-2916:28:00

mitre

web.nvd.nist.gov

cve-2007-0463

format string vulnerability

apple software update

mac os x 10.4.8

remote code execution

denial of service

swutmp

sucatalog filenames

mime type

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

Confidence

High

EPSS

0.391

Percentile

97.3%

JSON

Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type.

Affected configurations

Nvd

Node

applesoftware_updateMatch2.0.5

VendorProductVersionCPE
applesoftware_update2.0.5cpe:2.3:a:apple:software_update:2.0.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	software_update	2.0.5	cpe:2.3:a:apple:software_update:2.0.5:::::::*

References

docs.info.apple.com/article.html?artnum=305214

lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

projects.info-pull.com/moab/MOAB-24-01-2007.html

secunia.com/advisories/24479

www.osvdb.org/32703

www.securityfocus.com/bid/22222

www.securitytracker.com/id?1017755

www.us-cert.gov/cas/techalerts/TA07-072A.html

www.vupen.com/english/advisories/2007/0337

www.vupen.com/english/advisories/2007/0930

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

Confidence

High

EPSS

0.391

Percentile

97.3%

JSON

Related for CVE-2007-0463