CVE-2011-0173
https://notcve.org/view.php?id=CVE-2011-0173
Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application. Múltiples vulnerabilidades de formato de cadenas en AppleScript en Apple Mac OS X antes de v10.6.7 permite a atacantes dependientes de contexto ejecutar código de su elección o causar una denegación de servicio (solicitud de bloqueo) a través de especificadores de formato de cadena en (1) pantalla de diálogo o (2) comando de alerta en un cuadro de diálogo en una aplicación AppleScript Studio. • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4581 • CWE-134: Use of Externally-Controlled Format String •
CVE-2005-1331
https://notcve.org/view.php?id=CVE-2005-1331
The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs. • http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://remahl.se/david/vuln/010 http://secunia.com/advisories/15227 http://www.securityfocus.com/bid/13480 http://www.vupen.com/english/advisories/2005/0455 •