Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0644Use of Externally-Controlled Format String in Apple Safari

4 documents4 sources
Severity
7.1HIGHNVD
EPSS
5.2%
top 10.03%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apple Safari
Timeline
PublishedFeb 1
Latest updateMay 1

Description

Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

NVDapple/safari2.0.4_419.3

🔴Vulnerability Details

1
GHSA
GHSA-gjhx-6mfp-w2f2: Format string vulnerability in Apple Safari 22022-05-01

💥Exploits & PoCs

1
Exploit-DB
Apple Mac OSX 10.4.x - Safari window.console.log Format String2007-01-30

💬Community

1
Bugzilla
CVE-2007-5751 liferea weak permissions for the feedlist.opml backup file2007-10-31