CVE-2007-4682 - Vulnerability Details - OpenCVE

ReportizFlow

CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X

Configuration 1 [-]

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=307041
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
http://secunia.com/advisories/27643
http://securitytracker.com/id?1018950
http://www.kb.cert.org/vuls/id/498105
http://www.securityfocus.com/bid/26444
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
http://www.vupen.com/english/advisories/2007/3868
https://exchange.xforce.ibmcloud.com/vulnerabilities/38465

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-11-15T01:00:00

Updated: 2024-08-07T15:01:09.981Z

Reserved: 2007-09-05T00:00:00

Link: CVE-2007-4682

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-11-15T01:46:00.000

Modified: 2024-11-21T00:36:11.623

Link: CVE-2007-4682

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-11-14T00:00:00", "descriptions": [{"lang": "en", "value": "CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1018950", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018950"}, {"name": "VU#498105", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/498105"}, {"name": "26444", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26444"}, {"name": "APPLE-SA-2007-11-14", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=307041"}, {"name": "ADV-2007-3868", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3868"}, {"name": "macosx-coretext-code-execution(38465)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38465"}, {"name": "27643", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27643"}, {"name": "TA07-319A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2007-4682", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1018950", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018950"}, {"name": "VU#498105", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/498105"}, {"name": "26444", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26444"}, {"name": "APPLE-SA-2007-11-14", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"}, {"name": "http://docs.info.apple.com/article.html?artnum=307041", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307041"}, {"name": "ADV-2007-3868", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3868"}, {"name": "macosx-coretext-code-execution(38465)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38465"}, {"name": "27643", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27643"}, {"name": "TA07-319A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:01:09.981Z"}, "title": "CVE Program Container", "references": [{"name": "1018950", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1018950"}, {"name": "VU#498105", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/498105"}, {"name": "26444", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26444"}, {"name": "APPLE-SA-2007-11-14", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=307041"}, {"name": "ADV-2007-3868", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3868"}, {"name": "macosx-coretext-code-execution(38465)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38465"}, {"name": "27643", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27643"}, {"name": "TA07-319A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4682", "datePublished": "2007-11-15T01:00:00", "dateReserved": "2007-09-05T00:00:00", "dateUpdated": "2024-08-07T15:01:09.981Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CE430AB-7B7B-44B9-9960-291A08CFC849", "versionEndIncluding": "10.4.10", "versionStartIncluding": "10.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer."}, {"lang": "es", "value": "CoreText de Apple Mac OS X 10.4 hasta 10.4.10 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante contenido textual manipulado que dispara un acceso de un puntero a objeto no inicializado."}], "id": "CVE-2007-4682", "lastModified": "2024-11-21T00:36:11.623", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-11-15T01:46:00.000", "references": [{"source": "[email protected]", "tags": ["Broken Link"], "url": "http://docs.info.apple.com/article.html?artnum=307041"}, {"source": "[email protected]", "tags": ["Mailing List", "Patch"], "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"}, {"source": "[email protected]", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/27643"}, {"source": "[email protected]", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1018950"}, {"source": "[email protected]", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/498105"}, {"source": "[email protected]", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/26444"}, {"source": "[email protected]", "tags": ["Broken Link", "Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"}, {"source": "[email protected]", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2007/3868"}, {"source": "[email protected]", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38465"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://docs.info.apple.com/article.html?artnum=307041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/27643"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1018950"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/498105"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/26444"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2007/3868"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38465"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-824"}], "source": "[email protected]", "type": "Primary"}]}