Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0021

4 documents4 sources
Severity
7.5HIGH
EPSS
42.2%
top 2.56%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apple Ichat
Timeline
PublishedJan 23
Latest updateMay 1

Description

Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDapple/ichat3.1.6

🔴Vulnerability Details

2
GHSA
GHSA-4c3v-jr8f-g5h4: Format string vulnerability in Apple iChat 32022-05-01
CVEList
CVE-2007-0021: Format string vulnerability in Apple iChat 32007-01-23

💥Exploits & PoCs

1
Exploit-DB
Apple iChat 3.1.6 441 - 'aim://' URL Handler Format String (PoC)2007-01-21
CVE-2007-0021 (HIGH CVSS 7.5) | Format string vulnerability in Appl | cvebase.io