| Vulnerability Name: | CVE-2007-0644 (CCN-32265) | ||||||||
| Assigned: | 2007-01-30 | ||||||||
| Published: | 2007-01-30 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions. | ||||||||
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C) 5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:U/RC:UR)
6.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-0644 Source: CCN Type: MOAB-30-01-2007 Multiple Apple Software Format String Vulnerabilities Source: CCN Type: Apple Mac OS X Web site Apple - Mac OS X Source: CCN Type: Apple Web site Apple - Support - Downloads Source: MISC Type: UNKNOWN http://www.digitalmunition.com/MOAB-30-01-2007.html Source: OSVDB Type: UNKNOWN 32710 Source: CCN Type: OSVDB ID: 32710 Apple Safari window.console.log Format String Source: BID Type: UNKNOWN 22326 Source: CCN Type: BID-22326 Apple Mac OS X Multiple Products Format String Vulnerabilities Source: XF Type: UNKNOWN macos-safari-format-string(32265) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||