Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0117 — Apple MAC OS X vulnerability

4 documents3 sources

Severity

10.0CRITICALNVD

EPSS

7.9%

top 7.95%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedJan 9

Latest updateMay 1

Description

DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDapple/mac_os_x10.4.8

▶NVDapple/mac_os_x_server10.4.8

🔴Vulnerability Details

GHSA

GHSA-x5qg-hvj6-xjxm: DiskManagementTool in the DiskManagement↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

Apple Mac OSX 10.4.8 - DiskManagement BOM Privilege Escalation↗2007-01-05

▶

Exploit-DB

Apple Mac OSX 10.4.8 - DiskManagement BOM 'cron' Local Privilege Escalation↗2007-01-05

▶