7.1

CVE-2007-0646

Exploit

Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.

Data is provided by the National Vulnerability Database (NVD)
AppleImovie Version6.0.3
   ApplemacOS X Version10.4
   ApplemacOS X Version10.4.1
   ApplemacOS X Version10.4.2
   ApplemacOS X Version10.4.3
   ApplemacOS X Version10.4.4
   ApplemacOS X Version10.4.5
   ApplemacOS X Version10.4.6
   ApplemacOS X Version10.4.7
   ApplemacOS X Version10.4.8
   ApplemacOS X Version10.4.9
   ApplemacOS X Version10.4.10
AppleSafari
   ApplemacOS X Version10.4
   ApplemacOS X Version10.4.1
   ApplemacOS X Version10.4.2
   ApplemacOS X Version10.4.3
   ApplemacOS X Version10.4.4
   ApplemacOS X Version10.4.5
   ApplemacOS X Version10.4.6
   ApplemacOS X Version10.4.7
   ApplemacOS X Version10.4.8
   ApplemacOS X Version10.4.9
   ApplemacOS X Version10.4.10
ApplemacOS X Version10.3.9
   ApplemacOS X Version10.4
   ApplemacOS X Version10.4.1
   ApplemacOS X Version10.4.2
   ApplemacOS X Version10.4.3
   ApplemacOS X Version10.4.4
   ApplemacOS X Version10.4.5
   ApplemacOS X Version10.4.6
   ApplemacOS X Version10.4.7
   ApplemacOS X Version10.4.8
   ApplemacOS X Version10.4.9
   ApplemacOS X Version10.4.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 16.78% 0.947
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.