Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-0716 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple MAC OS X

4 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.2%

top 58.13%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedMar 21

Latest updateMay 1

Description

Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDapple/mac_os_x9 versions+8

▶NVDapple/mac_os_x_server7 versions+6

🔴Vulnerability Details

GHSA

GHSA-xwm8-ff5h-57g6: Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow (2)↗2006-08-02

▶

Exploit-DB

Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Local Privilege Escalation↗2005-03-22

▶