fkie_cve-2013-5135
Vulnerability from fkie_nvd
Published
2013-10-24 03:48
Modified
2025-04-11 00:51
Severity ?
Summary
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | apple_remote_desktop | * | |
| apple | apple_remote_desktop | 3.0.0 | |
| apple | apple_remote_desktop | 3.1 | |
| apple | apple_remote_desktop | 3.2 | |
| apple | apple_remote_desktop | 3.2.1 | |
| apple | apple_remote_desktop | 3.2.2 | |
| apple | apple_remote_desktop | 3.3 | |
| apple | apple_remote_desktop | 3.3.1 | |
| apple | apple_remote_desktop | 3.3.2 | |
| apple | apple_remote_desktop | 3.4 | |
| apple | apple_remote_desktop | 3.5 | |
| apple | apple_remote_desktop | 3.5.1 | |
| apple | apple_remote_desktop | 3.5.2 | |
| apple | mac_os_x | * | |
| apple | mac_os_x | 10.8.0 | |
| apple | mac_os_x | 10.8.1 | |
| apple | mac_os_x | 10.8.2 | |
| apple | mac_os_x | 10.8.3 | |
| apple | mac_os_x | 10.8.4 | |
| apple | mac_os_x | 10.8.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA6068E6-47A3-44C0-AAE7-25952E9B18CD",
"versionEndIncluding": "3.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E315CDB-EABA-4632-A4E2-F207695D9139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6214BD-6D4B-4F32-B35A-D638723C240A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3EF0960-C1A7-4770-80AD-4324925F8966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69A47AAB-EC72-474E-A184-1E487D10B747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5509B564-A235-44B9-B0AB-A72AFF5D2837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "52113D2A-3C14-4299-B4E9-0731630FC5D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "043E86FA-CFD5-4845-BF5E-F42B81EE9C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA5FDCD-BF01-4BF3-8F4C-4E9829C2BD6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "72309021-65E6-43C0-993D-81F6FA0D16C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "00BA9937-8F14-4AED-B9DA-ABFA6837CCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B3B607B-3B0B-44CA-809E-CBC4A656D4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "16C73945-1E37-4CFD-BA7D-0F43D339BC0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:supplemental_update:*:*:*:*:*:*",
"matchCriteriaId": "BA9ABDE2-A7F3-4D0B-9BBB-57F27AE14B1D",
"versionEndIncluding": "10.8.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2082D62-3821-4DBA-8690-67489F44C38D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8F0DB1BC-DC16-423E-B0C7-8E9C996A50B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E59315BA-B9F1-46A5-86E7-8BE2ED97BA4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55841123-F78F-42E0-8D40-C688C4B4D29C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "252640D3-5CB8-4C3D-9E8B-ED452293C805",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D30B4B-DA63-40B0-B0C9-F3992CF25706",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username."
},
{
"lang": "es",
"value": "Vulnerabilidad de format string en Screen Sharing Server de Apple Mac OS X anterior a 10.9 y Apple Remote Desktop anterior a 3.5.4 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s especificadores de formato de cadena en el nombre de usuario VNC."
}
],
"id": "CVE-2013-5135",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-24T03:48:48.877",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…