PT-2007-2100 · Apple · Appkit+1

Publicado

2007-02-01

Atualizado

2008-09-05

CVE-2007-0644

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Apple Safari version 2.0.4 (419.3)

Description The issue allows remote user-assisted attackers to cause a denial of service, resulting in a crash, by utilizing format string specifiers in filenames. This occurs due to improper handling when calling the NSLog and NSBeginAlertSheet Apple AppKit functions.

Recommendations For Apple Safari version 2.0.4 (419.3), consider avoiding the use of format string specifiers in filenames until a fix is available. As a temporary workaround, restrict the handling of filenames by the NSLog and NSBeginAlertSheet functions to minimize the risk of a denial of service.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-0644

Produtos afetados

Appkit

Safari

PT-2007-2100 · Apple · Appkit+1

CVE-2007-0644

Identificadores relacionados

Produtos afetados

Referências · 5