7.5

CVE-2007-0344

Exploit

EPSS 24.21%
Veröffentlicht 18.01.2007 02:28:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Colloquy ≫ Colloquy Version <= 2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	24.21%	0.959

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://projects.info-pull.com/moab/MOAB-16-01-2007.html

Exploit

http://secunia.com/advisories/23801

Patch

Vendor Advisory

http://www.osvdb.org/32688

http://www.securityfocus.com/bid/22086

Patch

Exploit

http://www.vupen.com/english/advisories/2007/0238

Vendor Advisory

https://www.exploit-db.com/exploits/3139

https://nvd.nist.gov/vuln/detail/CVE-2007-0344

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-0344

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-0344

EUVD