Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0646Use of Externally-Controlled Format String in Apple Imovie

CWE-134Use of Externally-Controlled Format String3 documents3 sources
Severity
7.1HIGHNVD
EPSS
17.1%
top 4.98%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Apple ImovieApple MAC OS X
Timeline
PublishedFeb 1
Latest updateMay 1

Description

Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

NVDapple/imovie6.0.3
NVDapple/mac_os_x10.3.9

🔴Vulnerability Details

1
GHSA
GHSA-39c6-rp26-j8w8: Format string vulnerability in iMovie HD 62022-05-01

💥Exploits & PoCs

1
Exploit-DB
Apple Mac OSX 10.4.x - iMovie HD '.imovieproj' Filename Format String2007-01-30