CVE-2007-0344

Sažetak

Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit.

Reference

http://projects.info-pull.com/moab/MOAB-16-01-2007.html
http://secunia.com/advisories/23801
http://www.osvdb.org/32688
http://www.securityfocus.com/bid/22086
http://www.vupen.com/english/advisories/2007/0238
https://www.exploit-db.com/exploits/3139

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-10-2017 - 01:29

Objavljeno

18-01-2007 - 02:28