CVE-2007-0735

Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=305391
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
http://secunia.com/advisories/24966
http://www.osvdb.org/34860
http://www.securityfocus.com/bid/23569	Patch
http://www.securitytracker.com/id?1017942
http://www.us-cert.gov/cas/techalerts/TA07-109A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/1470
http://docs.info.apple.com/article.html?artnum=305391
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
http://secunia.com/advisories/24966
http://www.osvdb.org/34860
http://www.securityfocus.com/bid/23569	Patch
http://www.securitytracker.com/id?1017942
http://www.us-cert.gov/cas/techalerts/TA07-109A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/1470

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:mac_os_x:10.3.9:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.6:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.7:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.8:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.9:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.9:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.1:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.2:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.3:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.5:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.6:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.7:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.8:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.9:::::::*

History

21 Nov 2024, 00:26

Type	Values Removed	Values Added
References	~~() http://docs.info.apple.com/article.html?artnum=305391 -~~	() http://docs.info.apple.com/article.html?artnum=305391 -
References	~~() http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html -~~	() http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html -
References	~~() http://secunia.com/advisories/24966 -~~	() http://secunia.com/advisories/24966 -
References	~~() http://www.osvdb.org/34860 -~~	() http://www.osvdb.org/34860 -
References	~~() http://www.securityfocus.com/bid/23569 - Patch~~	() http://www.securityfocus.com/bid/23569 - Patch
References	~~() http://www.securitytracker.com/id?1017942 -~~	() http://www.securitytracker.com/id?1017942 -
References	~~() http://www.us-cert.gov/cas/techalerts/TA07-109A.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA07-109A.html - US Government Resource
References	~~() http://www.vupen.com/english/advisories/2007/1470 -~~	() http://www.vupen.com/english/advisories/2007/1470 -

Information

Published : 2007-04-24 17:19

Updated : 2024-11-21 00:26

NVD link : CVE-2007-0735

Mitre link : CVE-2007-0735

CVE.ORG link : CVE-2007-0735

JSON object : View

Products Affected

apple

mac_os_x
mac_os_x_server

CWE

NVD-CWE-Other

9.3 /10