Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2007-0021

Published: 23/01/2007 Updated: 29/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Apple

Vulnerability Summary

Format string vulnerability in Apple iChat 3.1.6 allows remote malicious users to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI.

Vulnerable Product Search on Vulmon Subscribe to Product

apple ichat 3.1.6

Exploits

Exploit DB: Apple iChat 3.1.6 441 - 'aim://' URL Handler Format String (PoC)
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 11//EN" "wwww3org/TR/xhtml11/DTD/xhtml11dtd"> <html> <head> <title>MOAB-20-01-2007</title> <script> function boom() { var str = ''; for (var i = 0; i < 20; i++) { str = str + escape('A%n'); } str = 'aim:gochat?roomname=' + str ...

References

NVD-CWE-Otherhttp://projects.info-pull.com/moab/MOAB-20-01-2007.htmlhttp://docs.info.apple.com/article.html?artnum=305102http://lists.apple.com/archives/Security-announce/2007/Feb/msg00000.htmlhttp://www.us-cert.gov/cas/techalerts/TA07-047A.htmlhttp://www.kb.cert.org/vuls/id/794752http://www.securityfocus.com/bid/22146http://www.securitytracker.com/id?1017661http://secunia.com/advisories/24198http://osvdb.org/32715http://www.vupen.com/english/advisories/2007/0274https://exchange.xforce.ibmcloud.com/vulnerabilities/31679https://nvd.nist.govhttps://www.exploit-db.com/exploits/3166/https://www.kb.cert.org/vuls/id/794752
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook