Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0647Use of Externally-Controlled Format String in Apple MAC OS X

3 documents3 sources
Severity
7.1HIGHNVD
EPSS
6.4%
top 8.96%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apple MAC OS X
Timeline
PublishedFeb 1
Latest updateMay 1

Description

Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

NVDapple/mac_os_x10.3.9

🔴Vulnerability Details

1
GHSA
GHSA-j568-7jf2-g43r: Format string vulnerability in Help Viewer 32022-05-01

💥Exploits & PoCs

1
Exploit-DB
Apple Mac OSX 10.4.x - Help Viewer '.help' Filename Format String2007-01-30