CVE-2007-2406 - Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certain object pointer, which might

CVE-2007-2406

Summary

Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certain object pointer, which might allow user-assisted remote attackers to execute arbitrary code via a crafted Quartz Composer file.

References

Vulnerable Configurations

cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*
cpe:2.3:a:apple:quartz_composer:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:quartz_composer:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

apple	APPLE-SA-2007-07-31
bid	25159
confirm	http://docs.info.apple.com/article.html?artnum=306172
secunia	26235
vupen	ADV-2007-2732
xf	macos-quartzcomposer-code-execution(35737)

Last major update

29-07-2017 - 01:31

Published

03-08-2007 - 10:17

Last modified

29-07-2017 - 01:31