ID MU Type canvas Reporter Immunity Canvas Modified 2007-08-03T06:17:00
Description
Name| mu
---|--- CVE| CVE-2007-3744 Exploit Pack| CANVAS Description| MacOS X 10.4 mDNSResponder UPNP Remote Root Exploit Notes| CVE Name: CVE-2007-3744
Notes: If the target port is not specified, it will be located automatically.
This exploit will attempt to bypass the built-in OS X firewall by sending packets
from port 5353. Hence, it currently only works from a LocalNode.
If you're testing on your own box, and you crash mDNS, by picking the wrong
version, you can find the new port via: netstat -an | grep udp4
It will likely be 49XXX or 5XXXX.
This exploit does not work FROM an OS X machine due to UDP packet size limits. Sorry!
VENDOR: Apple
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3744
CVSS: 5.8
{"bulletinFamily": "exploit", "hash": "0ad6c610b819ffbc698ac26ab6f4b7438f988129a8c49435c8fe02a9dc165ccf", "id": "MU", "title": "Immunity Canvas: MU", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [], "objectVersion": "1.2", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "c54948bab8e876b2c708879f85650f08", "key": "cvelist"}, {"hash": "a391df1eee3bdeba4542e387fa0d38a8", "key": "cvss"}, {"hash": "029170489b993dbbb225324ef4b47014", "key": "description"}, {"hash": "90b92436f15e77f0d2513b6d0fb3b8c7", "key": "href"}, {"hash": "fcc760f13da027ee20f2cc020e8dc363", "key": "modified"}, {"hash": "777d45bbbcdf50d49c42c70ad7acf5fe", "key": "objectVersion"}, {"hash": "fcc760f13da027ee20f2cc020e8dc363", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "403ed403becfd91e34c7d282e2a3b12f", "key": "reporter"}, {"hash": "6f7052f39ab3cc720c7178596f35c340", "key": "title"}, {"hash": "fcc790c72a86190de1b549d0ddc6f55c", "key": "type"}], "cvelist": ["CVE-2007-3744"], "viewCount": 1, "published": "2007-08-03T06:17:00", "description": "**Name**| mu \n---|--- \n**CVE**| CVE-2007-3744 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| MacOS X 10.4 mDNSResponder UPNP Remote Root Exploit \n**Notes**| CVE Name: CVE-2007-3744 \nNotes: If the target port is not specified, it will be located automatically. \nThis exploit will attempt to bypass the built-in OS X firewall by sending packets \nfrom port 5353. Hence, it currently only works from a LocalNode. \n \nIf you're testing on your own box, and you crash mDNS, by picking the wrong \nversion, you can find the new port via: netstat -an | grep udp4 \n \nIt will likely be 49XXX or 5XXXX. \n \nThis exploit does not work FROM an OS X machine due to UDP packet size limits. Sorry! \n \nVENDOR: Apple \nCVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3744 \nCVSS: 5.8 \n\n", "references": [], "edition": 1, "reporter": "Immunity Canvas", "modified": "2007-08-03T06:17:00", "lastseen": "2016-09-25T14:12:04", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/mu", "enchantments": {"vulnersScore": 7.2}, "type": "canvas"}
{"result": {"cve": [{"id": "CVE-2007-3744", "type": "cve", "title": "CVE-2007-3744", "description": "Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.", "published": "2007-08-03T06:17:00", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3744", "cvelist": ["CVE-2007-3744"], "lastseen": "2017-07-29T11:22:08"}], "osvdb": [{"id": "OSVDB:36967", "type": "osvdb", "title": "Mac OS X mDNSResponder UPnP IGD Crafted Packet Remote Overflow", "description": "## Vulnerability Description\nA buffer overflow exists in Mac OS X. The mDNS Responder fails to validate UPnP IGD packets resulting in a buffer overflow. With a specially crafted packet, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.\n## Short Description\nMac OS X 10.4 - 10.4.10 mDNSResponder UPnP IGD Crafted Packet Remote Overflow\n## References:\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=306172)\nSecurity Tracker: 1018488\n[Secunia Advisory ID:26235](https://secuniaresearch.flexerasoftware.com/advisories/26235/)\n[Related OSVDB ID: 36965](https://vulners.com/osvdb/OSVDB:36965)\n[Related OSVDB ID: 36971](https://vulners.com/osvdb/OSVDB:36971)\n[Related OSVDB ID: 36973](https://vulners.com/osvdb/OSVDB:36973)\n[Related OSVDB ID: 36974](https://vulners.com/osvdb/OSVDB:36974)\n[Related OSVDB ID: 36963](https://vulners.com/osvdb/OSVDB:36963)\n[Related OSVDB ID: 36964](https://vulners.com/osvdb/OSVDB:36964)\n[Related OSVDB ID: 36966](https://vulners.com/osvdb/OSVDB:36966)\n[Related OSVDB ID: 36968](https://vulners.com/osvdb/OSVDB:36968)\n[Related OSVDB ID: 36972](https://vulners.com/osvdb/OSVDB:36972)\n[Related OSVDB ID: 36969](https://vulners.com/osvdb/OSVDB:36969)\n[Related OSVDB ID: 36970](https://vulners.com/osvdb/OSVDB:36970)\n[Related OSVDB ID: 36975](https://vulners.com/osvdb/OSVDB:36975)\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=573\nMail List Post: http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html\nISS X-Force ID: 35733\nFrSIRT Advisory: ADV-2007-2732\n[CVE-2007-3744](https://vulners.com/cve/CVE-2007-3744)\nBugtraq ID: 25159\n", "published": "2007-07-31T17:53:25", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:36967", "cvelist": ["CVE-2007-3744"], "lastseen": "2017-04-28T13:20:33"}], "openvas": [{"id": "OPENVAS:136141256231070806", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201201-05 (mDNSResponder)", "description": "The remote host is missing updates announced in\nadvisory GLSA 201201-05.", "published": "2012-02-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070806", "cvelist": ["CVE-2008-0989", "CVE-2008-3630", "CVE-2007-3744", "CVE-2007-2386", "CVE-2008-2326", "CVE-2007-3828"], "lastseen": "2018-04-06T11:16:48"}, {"id": "OPENVAS:70806", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201201-05 (mDNSResponder)", "description": "The remote host is missing updates announced in\nadvisory GLSA 201201-05.", "published": "2012-02-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=70806", "cvelist": ["CVE-2008-0989", "CVE-2008-3630", "CVE-2007-3744", "CVE-2007-2386", "CVE-2008-2326", "CVE-2007-3828"], "lastseen": "2017-07-24T12:50:31"}], "gentoo": [{"id": "GLSA-201201-05", "type": "gentoo", "title": "mDNSResponder: Multiple vulnerabilities", "description": "### Background\n\nmDNSResponder is a component of Apple's Bonjour, an initiative for zero-configuration networking. \n\n### Description\n\nMultiple vulnerabilities have been discovered in mDNSResponder. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local or remote attacker may be able to execute arbitrary code with root privileges or cause a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll mDNSResponder users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/mDNSResponder-212.1\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since November 21, 2009. It is likely that your system is already no longer affected by this issue.", "published": "2012-01-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201201-05", "cvelist": ["CVE-2008-0989", "CVE-2008-3630", "CVE-2007-3744", "CVE-2007-2386", "CVE-2008-2326", "CVE-2007-3828"], "lastseen": "2016-09-06T19:46:52"}], "nessus": [{"id": "GENTOO_GLSA-201201-05.NASL", "type": "nessus", "title": "GLSA-201201-05 : mDNSResponder: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201201-05 (mDNSResponder: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in mDNSResponder. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A local or remote attacker may be able to execute arbitrary code with root privileges or cause a Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "published": "2012-01-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=57631", "cvelist": ["CVE-2008-0989", "CVE-2008-3630", "CVE-2007-3744", "CVE-2007-2386", "CVE-2008-2326", "CVE-2007-3828"], "lastseen": "2017-10-29T13:37:47"}, {"id": "MACOSX_SECUPD2007-007.NASL", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2007-007)", "description": "The remote host is running a version of Mac OS X 10.4 or 10.3 which does not have the security update 2007-007 applied. \n\nThis update contains several security fixes for the following programs :\n\n - bzip2\n - CFNetwork\n - CoreAudio\n - cscope\n - gnuzip\n - iChat\n - Kerberos\n - mDNSResponder\n - PDFKit\n - PHP\n - Quartz Composer\n - Samba\n - SquirrelMail\n - Tomcat\n - WebCore\n - WebKit", "published": "2007-08-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25830", "cvelist": ["CVE-2007-2407", "CVE-2007-3944", "CVE-2007-3747", "CVE-2007-0478", "CVE-2007-2409", "CVE-2007-1717", "CVE-2007-2442", "CVE-2005-2090", "CVE-2006-4019", "CVE-2007-2798", "CVE-2007-1860", "CVE-2006-2842", "CVE-2004-2541", "CVE-2007-3742", "CVE-2007-1287", "CVE-2007-2446", "CVE-2007-3748", "CVE-2007-3744", "CVE-2007-1521", "CVE-2007-1001", "CVE-2007-2404", "CVE-2005-3128", "CVE-2006-6142", "CVE-2007-2403", "CVE-2006-3174", "CVE-2007-1484", "CVE-2007-2405", "CVE-2007-2447", "CVE-2007-1262", "CVE-2007-3745", "CVE-2007-0450", "CVE-2007-2410", "CVE-2007-1358", "CVE-2007-2408", "CVE-2007-2443", "CVE-2007-1583", "CVE-2007-3746", "CVE-2005-0758", "CVE-2007-1460", "CVE-2007-1711", "CVE-2007-2589", "CVE-2007-2406", "CVE-2004-0996", "CVE-2007-1461"], "lastseen": "2017-10-29T13:37:56"}], "seebug": [{"id": "SSV:2062", "type": "seebug", "title": "Mac OS X 2007-007\u66f4\u65b0\u4fee\u590d\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "description": "CVE(CAN) ID: CVE-2004-0996,CVE-2004-2541,CVE-2005-0758,CVE-2005-3128,CVE-2006-2842,CVE-2006-3174,CVE-2006-4019,CVE-2006-6142,CVE-2007-0450,CVE-2007-0478,CVE-2007-1001,CVE-2007-1262,CVE-2007-1358,CVE-2007-1460,CVE-2007-1461,CVE-2007-1484,CVE-2007-1521,CVE-2007-1583,CVE-2007-1711,CVE-2007-1717,CVE-2007-1860,CVE-2007-2403,CVE-2007-2404,CVE-2007-2405,CVE-2007-2406,CVE-2007-2407,CVE-2007-2408,CVE-2007-2409,CVE-2007-2410,CVE-2007-2442,CVE-2007-2443,CVE-2007-2446,CVE-2007-2447,CVE-2007-2589,CVE-2007-2798,CVE-2007-3742,CVE-2007-3744,CVE-2007-3745,CVE-2007-3746,CVE-2007-3747,CVE-2007-3748,CVE-2007-3944\r\n\r\nMac OS X\u662f\u82f9\u679c\u5bb6\u65cf\u8ba1\u7b97\u673a\u6240\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple 2007-007\u5b89\u5168\u66f4\u65b0\u4fee\u590d\u4e86Mac OS X\u4e2d\u7684\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u6216\u672c\u5730\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u9020\u6210\u591a\u79cd\u5a01\u80c1\u3002\r\n\r\n\u5177\u4f53\u6761\u76ee\u5305\u62ec\uff1a\r\n\r\n* CVE-2005-0758\r\n\r\nbzgrep\u5728\u5904\u7406\u7578\u5f62\u6587\u4ef6\u540d\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237bzgrep\u6076\u610f\u6587\u4ef6\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\n* CVE-2007-2403\r\n\r\nMac OS X\u5728\u5904\u7406FTP URI\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u8bf1\u4f7f\u7528\u6237\u5904\u7406\u6076\u610fFTP URI\u7684\u7528\u6237\u5728\u5f53\u524dFTP\u4f1a\u8bdd\u4e2d\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\r\n\r\n* CVE-2007-2404\r\n\r\nCFNetwork\u5904\u7406HTTP\u56de\u5e94\u6570\u636e\u65f6\u6613\u53d7\u6570\u636e\u5206\u5272\u653b\u51fb\u7684\u5f71\u54cd\uff0c\u53ef\u80fd\u5bfc\u81f4\u8de8\u7ad9\u811a\u672c\u6267\u884c\u3002\r\n\r\n* CVE-2007-3745\r\n\r\nCoreAudio\u7684Java\u63a5\u53e3\u5141\u8bb8\u91ca\u653e\u4efb\u610f\u7684\u5185\u5b58\u5730\u5740\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\u4e00\u4e2a\u6076\u610f\u7f51\u9875\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\r\n* CVE-2007-3746\r\n\r\nCoreAudio\u7684Java\u63a5\u53e3\u5b58\u5728\u5806\u5757\u8fb9\u754c\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\u4e00\u4e2a\u6076\u610f\u7f51\u9875\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\r\n* CVE-2007-3747\r\n\r\nCoreAudio\u7684Java\u63a5\u53e3\u5141\u8bb8\u5728\u5806\u5757\u4ee5\u5916\u7684\u5185\u5b58\u521d\u59cb\u5316\u6216\u64cd\u4f5c\u5bf9\u8c61\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\u4e00\u4e2a\u6076\u610f\u7f51\u9875\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\r\n* CVE-2004-0996,CVE-2004-2541\r\n\r\nCscope\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u5305\u62ec\u7f13\u51b2\u533a\u6ea2\u51fa\u548c\u4e0d\u5b89\u5168\u7684\u65b9\u5f0f\u521b\u5efa\u4e34\u65f6\u6587\u4ef6\uff0c\u53ef\u80fd\u5bfc\u81f4\u8fdc\u7a0b\u653b\u51fb\u8005\u63a7\u5236\u7cfb\u7edf\u3002\r\n\r\n* CVE-2005-0758\r\n\r\nzgrep\u5728\u5904\u7406\u7578\u5f62\u6587\u4ef6\u540d\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237zgrep\u6076\u610f\u6587\u4ef6\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\n* CVE-2007-3748\r\n\r\niChat\u4f7f\u7528\u7684UPnP IGD\u4ee3\u7801\u5b9e\u73b0\u4e0a\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u672c\u5730\u7f51\u7edc\u4e0a\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\n* CVE-2007-2442,CVE-2007-2443,CVE-2007-2798\r\n\r\nMIT Kerberos kadmind\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4efb\u610f\u6307\u8ba4\u3002\r\n\r\n* CVE-2007-3744\r\n\r\nmDNSResponder\u4f7f\u7528\u7684UPnP IGD\u4ee3\u7801\u5b9e\u73b0\u4e0a\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u672c\u5730\u7f51\u7edc\u4e0a\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\n* CVE-2007-2405\r\n\r\nPreview\u5904\u7406PDF\u6587\u4ef6\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u8bf1\u4f7f\u7528\u6237\u5904\u7406\u6076\u610fPDF\u6587\u4ef6\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\r\n* CVE-2007-1001,CVE-2007-1287,CVE-2007-1460,CVE-2007-1461,CVE-2007-1484,CVE-2007-1521,CVE-2007-1583,CVE-2007-1711,CVE-2007-1717\r\n\r\nPHP\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u5404\u79cd\u653b\u51fb\u3002\r\n\r\n* CVE-2007-2406\r\n\r\nQuartz Composer\u5b9e\u73b0\u4e0a\u5b58\u5728\u672a\u521d\u59cb\u5316\u5bf9\u8c61\u6307\u9488\u5904\u7406\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u8bf1\u4f7f\u7528\u6237\u5904\u7406\u6076\u610f\u6587\u4ef6\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\r\n* CVE-2007-2446\r\n\r\nSamba\u7684\u5b9e\u73b0\u5728\u5904\u7406\u7578\u5f62\u7684RPC\u8bf7\u6c42\u65f6\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u63a7\u5236\u670d\u52a1\u5668\u3002\r\n\r\n* CVE-2007-2447\r\n\r\nSamba\u7684\u5b9e\u73b0\u5728\u5904\u7406\u7578\u5f62RPC\u8bf7\u6c42\u65f6\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u670d\u52a1\u5668\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\r\n\r\n* CVE-2007-2407\r\n\r\nSamba\u7684\u5b9e\u73b0\u6ca1\u6709\u6b63\u786e\u5730\u5904\u7406\u6743\u9650\u7684\u4e22\u5f03\uff0c\u5bfc\u81f4\u78c1\u76d8\u9650\u989d\u7ed5\u8fc7\u3002\r\n\r\n* CVE-2005-3128,CVE-2006-2842,CVE-2006-3174,CVE-2006-4019,CVE-2006-6142,CVE-2007-1262,CVE-2007-2589\r\n\r\nSquirrelMail\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u8de8\u7ad9\u811a\u672c\u6267\u884c\u3002\r\n\r\n* CVE-2005-2090,CVE-2007-0450,CVE-2007-1358,CVE-2007-1860\r\n\r\nTomcat\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u8de8\u7ad9\u811a\u672c\u6267\u884c\u548c\u4fe1\u606f\u6cc4\u9732\u3002\r\n\r\n* CVE-2007-2408\r\n\r\nWebCore\u8f6f\u4ef6\u5305\u5b9e\u73b0\u4e0a\u5b58\u5728\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u4e0d\u671f\u671b\u7684Java applet\u6267\u884c\u3002\r\n\r\n* CVE-2007-0478\r\n\r\nWebCore\u8f6f\u4ef6\u5305\u5728\u5904\u7406HTML\u6807\u9898\u7684\u4ee3\u7801\u4e0a\u5b58\u5728\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u7528\u6237\u63d2\u5165\u4ee3\u7801\u3002\r\n\r\n* CVE-2007-2409,CVE-2007-2410\r\n\r\nWebCore\u8f6f\u4ef6\u5305\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u6d4f\u89c8\u5668\u4fe1\u606f\u6cc4\u9732\u3002\r\n\r\n* CVE-2007-3742\r\n\r\nWebKit\u8f6f\u4ef6\u5305\u5b9e\u73b0\u4e0a\u5b58\u5728\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u57df\u540d\u6b3a\u9a97\u3002\r\n\r\n* CVE-2007-3944\r\n\r\nSafari\u7684JavaScript\u5f15\u64ce\u4f7f\u7528\u7684PCRE\u5e93\u5b9e\u73b0\u4e0a\u5b58\u5728\u5806\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\u6076\u610f\u7f51\u9875\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\n\nApple MacOS X\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"http://docs.info.apple.com/article.html?artnum=306172\" target=\"_blank\">http://docs.info.apple.com/article.html?artnum=306172</a>", "published": "2007-08-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-2062", "cvelist": ["CVE-2004-0996", "CVE-2004-2541", "CVE-2005-0758", "CVE-2005-2090", "CVE-2005-3128", "CVE-2006-2842", "CVE-2006-3174", "CVE-2006-4019", "CVE-2006-6142", "CVE-2007-0450", "CVE-2007-0478", "CVE-2007-1001", "CVE-2007-1262", "CVE-2007-1287", "CVE-2007-1358", "CVE-2007-1460", "CVE-2007-1461", "CVE-2007-1484", "CVE-2007-1521", "CVE-2007-1583", "CVE-2007-1711", "CVE-2007-1717", "CVE-2007-1860", "CVE-2007-2403", "CVE-2007-2404", "CVE-2007-2405", "CVE-2007-2406", "CVE-2007-2407", "CVE-2007-2408", "CVE-2007-2409", "CVE-2007-2410", "CVE-2007-2442", "CVE-2007-2443", "CVE-2007-2446", "CVE-2007-2447", "CVE-2007-2589", "CVE-2007-2798", "CVE-2007-3742", "CVE-2007-3744", "CVE-2007-3745", "CVE-2007-3746", "CVE-2007-3747", "CVE-2007-3748", "CVE-2007-3944"], "lastseen": "2017-11-19T21:59:56"}]}}
