Format String Vulnerability in iMovie HD and Safari by Apple
CVE-2007-0646

Currently unrated

Key Information:

Vendor

Apple
Status
Imovie
Safari
Mac Os X
Vendor
CVE Published:
1 February 2007

What is CVE-2007-0646?

A format string vulnerability exists in iMovie HD 6.0.3 and Safari on Mac OS X versions 10.4 through 10.4.10. This vulnerability allows remote user-assisted attackers to exploit the application by crafting specific filenames that include format string specifiers. When the NSRunCriticalAlertPanel function is called with improperly handled inputs, it can result in a crash of the application, leading to a denial of service. Users are advised to avoid opening files from untrusted sources and to apply security updates provided by Apple.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/24966
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/26444
vdb-entryx_refsource_BID
http://www.securityfocus.com/bid/22326
vdb-entryx_refsource_BID

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.