PT-2007-7056 · Apple · Macos X Leopard

Published: 2007-11-29 · Updated: 2011-10-06 · CVE-2007-6165

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apple Mac OS X Leopard version 10.5.1

Description

The issue allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment. The attachment presents an apparently safe file type while carrying a script in its resource fork, and the user is not warned that a separate program is going to be executed.

Recommendations

For Apple Mac OS X Leopard version 10.5.1, consider avoiding the use of AppleDouble attachments until a fix is available. As a temporary workaround, users should be cautious when opening attachments and manually verify the safety of each file before opening it.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2007-6165

Affected Products

Macos X Leopard