Apple multiple applications format string vulnerabilities
Published:		01.02.2007
Source:		MOAB
SecurityVulns ID:		7141
Type:		client
Level:		7/10
Description:		Format string vulnerabilities in multiple client applications.

Affected:		APPLE : Mac OS X 10.4
		APPLE : Safari 2.0
		APPLE : Help Viewer 3.0
		APPLE : iMovie HD 6.0
		APPLE : iPhoto 6.0
CVE:		CVE-2007-0647 (Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.)
		CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.)
		CVE-2007-0645 (Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions.)
		CVE-2007-0644 (Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions.)

Original document

MOAB, MOAB-30-01-2007: Multiple Apple Software Format String Vulnerabilities (01.02.2007)

Discuss:

Read or add your comments to this news (0 comments)