6.8

CVE-2011-0173

Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application.

Data is provided by the National Vulnerability Database (NVD)
ApplemacOS X Version <= 10.6.6
   ApplemacOS X Version <= 10.6.6
ApplemacOS X Version10.6.0
   ApplemacOS X Version10.6.0
ApplemacOS X Version10.6.1
   ApplemacOS X Version10.6.1
ApplemacOS X Version10.6.2
   ApplemacOS X Version10.6.2
ApplemacOS X Version10.6.3
   ApplemacOS X Version10.6.3
ApplemacOS X Version10.6.4
   ApplemacOS X Version10.6.4
ApplemacOS X Version10.6.5
   ApplemacOS X Version10.6.5
ApplemacOS X Server Version <= 10.6.6
ApplemacOS X Server Version10.6.0
ApplemacOS X Server Version10.6.1
ApplemacOS X Server Version10.6.2
ApplemacOS X Server Version10.6.3
ApplemacOS X Server Version10.6.4
ApplemacOS X Server Version10.6.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.66% 0.687
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://support.apple.com/kb/HT4581
Patch
Vendor Advisory