Format String Vulnerability in Apple Screen Sharing Server and Remote Desktop
CVE-2013-5135

Currently unrated

Key Information:

Vendor: Apple
Status: Apple Remote Desktop
Vendor: CVE Published:; 24 October 2013

Summary

A format string vulnerability exists in the Screen Sharing Server feature of Apple Mac OS X prior to version 10.9 and in Apple Remote Desktop prior to version 3.5.4. This flaw permits remote attackers to execute arbitrary code by supplying crafted format string specifiers in a VNC username. Successful exploitation could allow an attacker to compromise the integrity and confidentiality of the affected system.

References

http://lists.apple.com/archives/security-announce/2013/Oc...

vendor-advisoryx_refsource_APPLE

http://lists.apple.com/archives/security-announce/2013/Oc...

vendor-advisoryx_refsource_APPLE

http://lists.apple.com/archives/security-announce/2013/Oc...

vendor-advisoryx_refsource_APPLE

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 24, 2013