CVE-2007-0644

Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.digitalmunition.com/MOAB-30-01-2007.html
http://www.osvdb.org/32710
http://www.securityfocus.com/bid/22326
http://www.digitalmunition.com/MOAB-30-01-2007.html
http://www.osvdb.org/32710
http://www.securityfocus.com/bid/22326

Configurations

Configuration 1 (hide)

cpe:2.3:a:apple:safari:2.0.4_419.3:*:*:*:*:*:*:*

History

21 Nov 2024, 00:26

Type	Values Removed	Values Added
References	~~() http://www.digitalmunition.com/MOAB-30-01-2007.html -~~	() http://www.digitalmunition.com/MOAB-30-01-2007.html -
References	~~() http://www.osvdb.org/32710 -~~	() http://www.osvdb.org/32710 -
References	~~() http://www.securityfocus.com/bid/22326 -~~	() http://www.securityfocus.com/bid/22326 -

Information

Published : 2007-02-01 00:28

Updated : 2024-11-21 00:26

NVD link : CVE-2007-0644

Mitre link : CVE-2007-0644

CVE.ORG link : CVE-2007-0644

JSON object : View

Products Affected

apple

safari

CWE

NVD-CWE-Other

{"id": "CVE-2007-0644", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-02-01T00:28:00.000", "references": [{"url": "http://www.digitalmunition.com/MOAB-30-01-2007.html", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/32710", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22326", "source": "cve@mitre.org"}, {"url": "http://www.digitalmunition.com/MOAB-30-01-2007.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/32710", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/22326", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions."}, {"lang": "es", "value": "vulnerabilidad de cadena de formato en el Apple Safari 2.0.4 (419.3) permite a atacantes con la intervenci\u00f3n del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante los requisitos de la cadena de formato en los nombres de fichero (filenames) que no son correctamente manejados que se llaman a las funciones (1) NSLog y (2) NSBeginAlertSheet Apple AppKit."}], "lastModified": "2024-11-21T00:26:23.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:2.0.4_419.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6D113B5-070D-4F91-AB5E-222D71C90EDF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}