Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0465: Use of Externally-Controlled Format String in Apple Installer

Severity: 7.6 HIGH (NVD)
EPSS: 30.0% (top 3.33%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)

Timeline
Published: Jan 31
Latest update: May 1

Description

Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename.

CVSS vector

AV:N/AC:H/C:C/I:C/A:C
Exploitability: 4.9 | Impact: 10.0

Affected Packages (2 packages)

NVD: apple/installer 2.1.5
NVD: apple/mac_os_x 10.4.8

🔴 Vulnerability Details (1)

GHSA: GHSA-j6q2-7rvg-rj7g: Format string vulnerability in Apple Installer 2 (2022-05-01)

💥 Exploits & PoCs (1)

Exploit-DB: Apple Installer Package 2.1.5 - Filename Format String (2007-01-27)