Vulnerability Details : CVE-2011-0185
Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file.
Products affected by CVE-2011-0185
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.7.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.8:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.7:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.6:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.7.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.8:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0185
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 15 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0185
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST |
CWE ids for CVE-2011-0185
-
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0185
-
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Apple - Lists.apple.comVendor Advisory
-
http://www.securityfocus.com/bid/50092
Apple Mac OS X Application Firewall (CVE-2011-0185) Format String Vulnerability
-
http://www.securityfocus.com/bid/50085
Apple Mac OS X Prior to 10.7.2 Multiple Security Vulnerabilities
-
http://support.apple.com/kb/HT5002
About the security content of OS X Lion v10.7.2 and Security Update 2011-006 - Apple SupportVendor Advisory
Jump to