CVE-2007-6165

Exploit

EPSS 38.55%
Published 29.11.2007 01:46:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed.  NOTE: this is a regression error related to CVE-2006-0395.

Affected products Warnungen 0 Metrics 2 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ macOS X Version10.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	38.55%	0.969

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://docs.info.apple.com/article.html?artnum=307179

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

http://secunia.com/advisories/28136

Vendor Advisory

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

US Government Resource

http://www.vupen.com/english/advisories/2007/4238

Vendor Advisory

http://secunia.com/advisories/27785

Vendor Advisory

http://securitytracker.com/id?1019106

http://www.heise-security.co.uk/news/99257