EXPLOITS

Apple Mac OSX 10.4.x - Help Viewer '.help' Filename Format String

Author: LMH
type: dos
platform: osx
port: 
date_added: 2007-01-30  
date_updated: 2013-11-13  
verified: 1  
codes: CVE-2007-0647;OSVDB-32707  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 29553.txt  

source: https://www.securityfocus.com/bid/22326/info

Multiple products for Mac OS X are prone to multiple remote format-string vulnerabilities. The affected applications include Help Viewer, Safari, iPhoto, and iMovie.

Exploiting these issues can allow attacker-supplied data to be written to arbitrary memory locations, which can facilitate the execution of arbitrary machine code with the privileges of a targeted application. Failed exploit attempts will likely crash the application.

Help Viewer 3.0.0, Safari 2.0.4, iMovie HD 6.0.3, and iPhoto 6.0.5 are reported affected; other versions may be vulnerable as well.

touch %n%n%n%n%n%n%n%n%n%n%n.help
open %n%n%n%n%n%n%n%n%n%n%n.help