Lucene search

[email protected]CVE-2004-1398

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-1398

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2004

1398

format string vulnerability

kextload

apple os x

tdixsupport

roxio toast titanium

nvd

7.7 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.2%

JSON

Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format string specifiers in the extension argument.

CPENameOperatorVersion
roxio:toastroxio toasteq*

CPE	Name	Operator	Version
roxio:toast	roxio toast	eq	*

References

lists.grok.org.uk/pipermail/full-disclosure/2006-September/049452.html

marc.info/?l=bugtraq&m=110305083706943&w=2

www.netragard.com/pdfs/research/apple-kext-tools-20060822.txt

www.securityfocus.com/bid/11926

www.securityfocus.com/bid/20031

exchange.xforce.ibmcloud.com/vulnerabilities/18472

7.7 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.2%

JSON