9.3
CVE-2007-6165
- EPSS 44.75%
- Veröffentlicht 29.11.2007 01:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:31
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 44.75% | 0.986 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://docs.info.apple.com/article.html?artnum=307179
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
http://secunia.com/advisories/28136
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
http://www.vupen.com/english/advisories/2007/4238
http://secunia.com/advisories/27785
http://securitytracker.com/id?1019106
http://www.heise-security.co.uk/news/99257
http://www.kb.cert.org/vuls/id/433819
http://www.securityfocus.com/bid/26510
http://www.vupen.com/english/advisories/2007/3958