Format String Vulnerability in iMovie HD and Safari by Apple
CVE-2007-0646

Currently unrated

Key Information:

Vendor: Apple
Status: Imovie; Safari; Mac Os X
Vendor: CVE Published:; 1 February 2007

Summary

A format string vulnerability exists in iMovie HD 6.0.3 and Safari on Mac OS X versions 10.4 through 10.4.10. This vulnerability allows remote user-assisted attackers to exploit the application by crafting specific filenames that include format string specifiers. When the NSRunCriticalAlertPanel function is called with improperly handled inputs, it can result in a crash of the application, leading to a denial of service. Users are advised to avoid opening files from untrusted sources and to apply security updates provided by Apple.

References

http://secunia.com/advisories/24966

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/26444

vdb-entryx_refsource_BID

http://www.securityfocus.com/bid/22326

vdb-entryx_refsource_BID

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 1, 2007
Vulnerability Reserved
Jan 31, 2007