ID CVE-2007-0735
Summary Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory.
References
Vulnerable Configurations
  • cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 08-03-2011 - 02:50)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
apple APPLE-SA-2007-04-19
bid 23569
cert TA07-109A
confirm http://docs.info.apple.com/article.html?artnum=305391
osvdb 34860
sectrack 1017942
secunia 24966
vupen ADV-2007-1470
Last major update 08-03-2011 - 02:50
Published 24-04-2007 - 17:19
Last modified 08-03-2011 - 02:50
Back to Top