Computer Security

Apple Mac OS X Software Update / Apple Installer format string security vulnerability
Published: 29.01.2007
Source:
SecurityVulns ID: 7124
Type: client
Threat Level: 6/10
Description: Format string vulnerability when parsing the filename of application/x-apple.sucatalog+xml files (.sucatalog and .swutmp). Format string vulnerability in the .pkg file name.
Affected: APPLE : Mac OS X 10.4
CVE: CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename.)
 CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type.)
Original documents: MOAB, MOAB-26-01-2007: Apple Installer Package Filename Format String Vulnerability (29.01.2007)
 MOAB, MOAB-24-01-2007: Apple Software Update Catalog Filename Format String Vulnerability (29.01.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod