CVE-2007-4268

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow.

Un error en la propiedad signedness de enteros en el componente Networking en Apple Mac OS X versiones 10.4 hasta 10.4.10, permite a usuarios locales ejecutar código arbitrario por medio de un mensaje de AppleTalk diseñado con un valor negativo, que satisface una comparación firmada durante la asignación de mbuf pero que luego es interpretada como un valor sin firmar, lo que desencadena un desbordamiento de búfer en la región heap de la memoria.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-08-09 CVE Reserved
2007-11-15 CVE Published
2024-02-02 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-681: Incorrect Conversion between Numeric Types

CAPEC

References (9)

URL	Tag	Source
http://docs.info.apple.com/article.html?artnum=307041	Broken Link
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=628	Broken Link
http://secunia.com/advisories/27643	Broken Link
http://securitytracker.com/id?1018950	Broken Link
http://www.securityfocus.com/bid/26444	Broken Link
http://www.us-cert.gov/cas/techalerts/TA07-319A.html	Broken Link
http://www.vupen.com/english/advisories/2007/3868	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/38476	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html	2024-02-02

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				>= 10.4.0 <= 10.4.10 Search vendor "Apple" for product "Mac Os X" and version " >= 10.4.0 <= 10.4.10"		-		Affected