Moab

**Name of the Vulnerable Software and Affected Versions** CFNetwork version 129.19 on Mac OS X versions 10.4 through 10.4.10 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted HTTP 301 response. This is due to a NULL pointer dereference in the CFNetConnectionWillEnqueueRequests function. **Recommendations** For CFNetwork version 129.19 on Mac OS X versions 10.4 through 10.4.10, consider restricting access to the CFNetConnectionWillEnqueueRequests function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Transmit.app versions up to 3.5.5 **Description** The issue is related to a heap-based buffer overflow in the SFTP protocol handler. This allows remote attackers to execute arbitrary code via a long ftps:// URL. **Recommendations** For versions up to 3.5.5, update to a version later than 3.5.5 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Colloquy versions 2.1 and earlier Description: The issue is related to multiple format string vulnerabilities in the ` invitedToRoom:` and ` invitedToDirectChat:` functions. These vulnerabilities can be exploited by remote attackers who send INVITE requests with format string specifiers in the channel name, potentially causing a denial of service (application crash) and possibly allowing the execution of arbitrary code. This is related to the implementation of `AlertSheet` and `AlertPanel` in Apple AppKit. Recommendations: For Colloquy versions 2.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X version 10.4.8 **Description** A double free vulnerability in the ATPsndrsp function allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow. **Recommendations** For Apple Mac OS X version 10.4.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OmniWeb version 5.5.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, or execute arbitrary code. This is achieved through the use of format string specifiers in the Javascript `alert` function. **Recommendations** For OmniWeb version 5.5.1, consider disabling the Javascript alert function as a temporary workaround until a patch is available. Restrict access to untrusted Javascript code to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime version 7.1.3 **Description** A buffer overflow issue exists, allowing remote attackers to execute arbitrary code via a long `rtsp://` URI. The `rtsp://` handler fails to validate a supplied URL string, resulting in a stack overflow. With a specially crafted URL, an attacker can cause arbitrary code execution, leading to a loss of integrity. **Recommendations** For Apple QuickTime version 7.1.3, consider disabling the `rtsp://` handler until a patch is available to prevent potential exploitation. Restrict access to the vulnerable module to minimize the risk of arbitrary code execution. Avoid using long `rtsp://` URIs in the affected QuickTime version until the issue is resolved.