Format String Vulnerability in Apple Installer on Mac OS X
CVE-2007-0465

Currently unrated

Key Information:

Vendor: Apple
Status: Installer
Vendor: CVE Published:; 31 January 2007

What is CVE-2007-0465?

A format string vulnerability exists in Apple Installer 2.1.5 running on Mac OS X 10.4.8, which can be exploited by user-assisted remote attackers. This vulnerability allows the execution of arbitrary code due to inadequate handling of format string specifiers in package filenames, including PKG, DISTZ, or MPKG files. If successfully exploited, the attacker could gain unauthorized access to the system, highlighting the importance of utilizing secure software practices and regularly updating software to mitigate such risks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/31883

vdb-entryx_refsource_XF

http://secunia.com/advisories/24966

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/22272

vdb-entryx_refsource_BID

EPSS Score

35% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 31, 2007
Vulnerability Reserved
Jan 23, 2007