CVSS: 7.1EPSS: 79%CPEs: 2EXPL: 0CVE-2007-0588
https://notcve.org/view.php?id=CVE-2007-0588
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462. La función InternalUnpackBits en Apple QuickDraw, como ha sido usado en Quicktime 7.1.3 y otras aplicaciones de Mac OS X 10.4.8 y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código de su elección mediante un fichero PICT artesanal que provoca una corrupción de memoria en la función _GetSrcBits32ARGB. NOTA: este asunto puede estar solapado con CVE-2007-0462. • http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://secunia.com/advisories/24479 http://security-protocols.com/sp-x43-advisory.php http://www.kb.cert.org/vuls/id/396820 http://www.osvdb.org/33365 http://www.securityfocus.com/bid/22228 http://www.securitytracker.com/id?1017760 http://www.us-cert.gov/cas/techalerts/TA07-072A.html http://www.vupen.com/english/advisories/2007/0930 •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 2CVE-2007-0467 – Apple Mac OSX 10.4.8 (8L2127) - 'crashdump' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-0467
crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/. crashdump en Apple Mac OS X 10.4.8 permite a usuarios locales del grupo admin modificar ficheros de su elección o ganar privilegios a través de ataque de enlaces simbólicos sobre logs de aplicación en /Library/Logs/CrashReporter/. Month of Apple Bugs - crashdump follows symlinks within the /Library/Logs/CrashReporter/ directory, allowing admin-group users to execute arbitrary code and overwrite files with elevated privileges. In couple with a specially crafted Mach-O binary, this can be used to write a malicious crontab entry, which will run with root privileges. This ruby code demonstrates this vulnerability. • https://www.exploit-db.com/exploits/3219 http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://projects.info-pull.com/moab/MOAB-28-01-2007.html http://secunia.com/advisories/24479 http://www.kb.cert.org/vuls/id/363112 http://www.osvdb.org/32706 http://www.securitytracker.com/id?1017751 http://www.us-cert.gov/cas/techalerts/TA07-072A.html http://www.vupen.com/english/advisories/2007& •
CVSS: 5.0EPSS: 95%CPEs: 12EXPL: 2CVE-2007-0464 – Apple CFNetwork - HTTP Response Denial of Service
https://notcve.org/view.php?id=CVE-2007-0464
The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference. La función _CFNetConnectionWillEnqueueRequests en CFNetwork versión 129.19 en Apple Mac OS X versión 10.4 hasta 10.4.10, permite a atacantes remotos causar una denegación de servicio (bloqueo de aplicación) por medio de una respuesta 301 HTTP diseñada, que resulta en una desreferencia del puntero NULL. • https://www.exploit-db.com/exploits/3200 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://projects.info-pull.com/moab/MOAB-25-01-2007.html http://secunia.com/advisories/27643 http://www.osvdb.org/32704 http://www.securityfocus.com/bid/22249 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2007-0478
https://notcve.org/view.php?id=CVE-2007-0478
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment. En WebCore en Apple Mac OS X versiones 10.3.9 y 10.4.10, tal como es usado en Safari, no analiza de forma apropiada los comentarios HTML en elementos TITLE, lo que permite a los atacantes remotos conducir ataques de tipo Cross-Site Scripting (XSS) y omitir algunos esquemas de protección XSS insertando ciertas etiquetas HTML dentro de un comentario HTML. • http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://osvdb.org/32712 http://secunia.com/advisories/23893 http://secunia.com/advisories/26235 http://securitytracker.com/id?1018494 http://www.beanfuzz.com/wordpress/?p=99 http://www.securityfocus.com/archive/1/457763/100/0/threaded http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 https://exchange. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 87%CPEs: 2EXPL: 1CVE-2007-0462 – Apple Mac OSX 10.4.8 - QuickDraw GetSrcBits32ARGB Remote Memory Corruption
https://notcve.org/view.php?id=CVE-2007-0462
The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption. La función _GetSrcBits32ARGB en App Apple QuickDraw, tal y como lo usa Quicktime 7.1.3 y otras aplicaciones en Mac OS X 10.4.8 y versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código de su elección mediante una imagen PICT manipulada con un registro Alpha RGB (ARGB) mal formado, que dispara corrupción de memoria. • https://www.exploit-db.com/exploits/29509 http://projects.info-pull.com/moab/MOAB-23-01-2007.html http://secunia.com/advisories/23859 http://www.osvdb.org/32696 http://www.securityfocus.com/bid/22207 http://www.vupen.com/english/advisories/2007/0337 https://exchange.xforce.ibmcloud.com/vulnerabilities/31698 •