Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0753Use of Externally-Controlled Format String in Apple MAC OS X

CWE-134Use of Externally-Controlled Format String4 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.5%
top 34.01%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Apple MAC OS XApple MAC OS X Server
Timeline
PublishedMay 24
Latest updateMay 1

Description

Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

NVDapple/mac_os_x20 versions+19
NVDapple/mac_os_x_server20 versions+19

🔴Vulnerability Details

1
GHSA
GHSA-wmxq-xr6m-73w7: Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 102022-05-01

💥Exploits & PoCs

2
Exploit-DB
Apple Mac OSX < 2007-005 - 'vpnd' Local Privilege Escalation2007-05-30
Exploit-DB
Apple Mac OSX 10.4.9 - VPND Local Format String2007-05-29
CVE-2007-0753 — Apple MAC OS X vulnerability | cvebase