CVE-2007-0646

Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=305391
http://docs.info.apple.com/article.html?artnum=307041
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
http://secunia.com/advisories/24966	Vendor Advisory
http://secunia.com/advisories/27643	Vendor Advisory
http://www.digitalmunition.com/MOAB-30-01-2007.html	Exploit Vendor Advisory
http://www.securityfocus.com/bid/22326
http://www.securityfocus.com/bid/26444
http://www.us-cert.gov/cas/techalerts/TA07-109A.html	US Government Resource
http://www.us-cert.gov/cas/techalerts/TA07-319A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/1470	Vendor Advisory
http://www.vupen.com/english/advisories/2007/3868	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:apple:mac_os_x:10.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.6:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.7:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.8:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.9:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.10:::::::*

OR	cpe:2.3:a:apple:imovie:6.0.3:::::::*
	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:mac_os_x:10.3.9:::::::*

History

No history.

Information

Published : 2007-02-01 00:28

Updated : 2023-12-10 10:40

NVD link : CVE-2007-0646

Mitre link : CVE-2007-0646

CVE.ORG link : CVE-2007-0646

JSON object : View

Products Affected

apple

imovie
safari
mac_os_x

CWE

CWE-134

Use of Externally-Controlled Format String

{"id": "CVE-2007-0646", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-02-01T00:28:00.000", "references": [{"url": "http://docs.info.apple.com/article.html?artnum=305391", "source": "cve@mitre.org"}, {"url": "http://docs.info.apple.com/article.html?artnum=307041", "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html", "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24966", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27643", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.digitalmunition.com/MOAB-30-01-2007.html", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22326", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26444", "source": "cve@mitre.org"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1470", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/3868", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-134"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function."}, {"lang": "es", "value": "Una vulnerabilidad de cadena de formato en iMovie HD versi\u00f3n 6.0.3 y Safari en Apple Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos asistidos por el usuario causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) por medio de los especificadores de cadena de formato en un nombre de archivo, que no es manejado apropiadamente cuando llaman a la funci\u00f3n NSRunCriticalAlertPanel de Apple AppKit."}], "lastModified": "2011-03-07T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0760FDDB-38D3-4263-9B4D-1AF5E613A4F9"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AFD4DE58-46C7-4E69-BF36-C5FD768B8248"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CF824694-52DE-44E3-ACAD-60B2A84CD3CE"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B73A0891-A37A-4E0D-AA73-B18BFD6B1447"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "26AC38AB-D689-4B2B-9DAE-F03F4DFD15BE"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0C580935-0091-4163-B747-750FB7686973"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB0F2132-8431-4CEF-9A3D-A69425E3834E"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8719F3C4-F1DE-49B5-9301-22414A2B6F9C"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "09ED46A8-1739-411C-8807-2A416BDB6DFE"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "786BB737-EA99-4EC6-B742-0C35BF2453F9"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8D089858-3AF9-4B82-912D-AA33F25E3715"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:imovie:6.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AD7C458-922B-474D-8A7A-EDDB5CB4029D"}, {"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}