CVE-2007-0344

Exploit

EPSS 6.56%
Veröffentlicht 18.01.2007 02:28:00
Zuletzt bearbeitet 16.06.2026 22:35:23
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Colloquy ≫ Colloquy Version <= 2.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.56%	0.929

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://projects.info-pull.com/moab/MOAB-16-01-2007.html

Exploit

http://secunia.com/advisories/23801

Patch

Vendor Advisory

http://www.osvdb.org/32688

http://www.securityfocus.com/bid/22086

Patch

Exploit

http://www.vupen.com/english/advisories/2007/0238

Vendor Advisory

https://www.exploit-db.com/exploits/3139

https://nvd.nist.gov/vuln/detail/CVE-2007-0344

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-0344

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-0344

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2007-0344