Apple: Security Vulnerabilities, CVEs, Published in January 2007 (Code Execution)
The InternalUnpackBits function in Apple QuickDraw, as used by QuickTime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.
Max CVSS: 7.1 | EPSS Score: 79.60% | Published: 2007-01-30 | Updated: 2013-08-15
Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename.
Max CVSS: 7.6 | EPSS Score: 92.84% | Published: 2007-01-31 | Updated: 2017-07-29
Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type.
Max CVSS: 5.0 | EPSS Score: 39.09% | Published: 2007-01-29 | Updated: 2011-03-08
The _GetSrcBits32ARGB function in Apple QuickDraw, as used by QuickTime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.
Max CVSS: 10.0 | EPSS Score: 87.72% | Published: 2007-01-26 | Updated: 2017-07-29
Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field.
Max CVSS: 7.2 | EPSS Score: 1.40% | Published: 2007-01-19 | Updated: 2017-10-19
Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow.
Max CVSS: 10.0 | EPSS Score: 25.63% | Published: 2007-01-16 | Updated: 2017-10-11
Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.
Max CVSS: 6.8 | EPSS Score: 96.55% | Published: 2007-01-11 | Updated: 2018-10-16
Cross-zone scripting vulnerability in Apple QuickTime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.
Max CVSS: 6.8 | EPSS Score: 12.35% | Published: 2007-01-05 | Updated: 2018-10-30
Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed.
Max CVSS: 6.8 | EPSS Score: 91.66% | Published: 2007-01-04 | Updated: 2018-10-16
Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI.
Max CVSS: 7.5 | EPSS Score: 49.23% | Published: 2007-01-23 | Updated: 2017-07-29
CVE-2007-0015
Public exploit
Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.
Max CVSS: 6.8 | EPSS Score: 96.63% | Published: 2007-01-01 | Updated: 2017-10-19
11 vulnerabilities found