PT-2007-7056 · Apple · Macos X Leopard

Publicado

2007-11-29

Atualizado

2011-10-06

CVE-2007-6165

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apple Mac OS X Leopard version 10.5.1

Description The issue allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment. This attachment contains an apparently-safe file type and script in a resource fork. The problem is that it does not warn the user that a separate program is going to be executed.

Recommendations For Apple Mac OS X Leopard version 10.5.1, consider avoiding the use of AppleDouble attachments until a fix is available. As a temporary workaround, users should be cautious when opening attachments and manually verify the safety of the file before opening it.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264CWE-20

Identificadores relacionados

CVE-2007-6165

Produtos afetados

Macos X Leopard

PT-2007-7056 · Apple · Macos X Leopard

CVE-2007-6165

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 15