CVE-2007-0646

Currently unrated

Key Information:

Vendor: Apple
Status: Imovie; Safari; Mac Os X
Vendor: CVE Published:; 1 February 2007

Summary

Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.

References

http://secunia.com/advisories/24966

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/26444

vdb-entryx_refsource_BID

http://www.securityfocus.com/bid/22326

vdb-entryx_refsource_BID

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 1, 2007
Vulnerability Reserved
Jan 31, 2007