Multiple Remote Format-String Vulnerabilities in Mac OS X Products

vendor:

Help Viewer, Safari, iPhoto, iMovie

by:

Unknown

7.5

CVSS

HIGH

Remote Format-String

Unknown

CWE

Product Name: Help Viewer, Safari, iPhoto, iMovie

Affected Version From: Help Viewer 3.0.0, Safari 2.0.4, iMovie HD 6.0.3, iPhoto 6.0.5

Affected Version To: Unknown

Patch Exists: NO

Related CWE: Not mentioned

CPE: Not mentioned

Metasploit:

Other Scripts:

Platforms Tested: Mac OS X

Unknown

Multiple Remote Format-String Vulnerabilities in Mac OS X Products

The exploit allows attacker-supplied data to be written to arbitrary memory locations, facilitating the execution of arbitrary machine code with the privileges of a targeted application. Failed exploit attempts may crash the application.

Mitigation:

Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22326/info

Multiple products for Mac OS X are prone to multiple remote format-string vulnerabilities. The affected applications include Help Viewer, Safari, iPhoto, and iMovie.

Exploiting these issues can allow attacker-supplied data to be written to arbitrary memory locations, which can facilitate the execution of arbitrary machine code with the privileges of a targeted application. Failed exploit attempts will likely crash the application.

Help Viewer 3.0.0, Safari 2.0.4, iMovie HD 6.0.3, and iPhoto 6.0.5 are reported affected; other versions may be vulnerable as well. 

touch %n%n%n%n%n%n%n%n%n%n%n.imovieproj
open %n%n%n%n%n%n%n%n%n%n%n.imovieproj