Search...

CVE-2007-5850

2007-12-19T16:46:00

ID CVE-2007-5850
Type cve
Reporter NVD
Modified 2017-07-28T21:33:54

Description

Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file.

JSON Vulners Source

Initial Source

{"id": "CVE-2007-5850", "bulletinFamily": "NVD", "title": "CVE-2007-5850", "description": "Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file.", "published": "2007-12-19T16:46:00", "modified": "2017-07-28T21:33:54", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5850", "reporter": "NVD", "references": ["http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html", "http://www.us-cert.gov/cas/techalerts/TA07-352A.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/39098", "http://docs.info.apple.com/article.html?artnum=307179", "http://securitytracker.com/id?1019106", "http://www.vupen.com/english/advisories/2007/4238", "http://www.securityfocus.com/bid/26910"], "cvelist": ["CVE-2007-5850"], "type": "cve", "lastseen": "2017-07-29T11:22:20", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/o:apple:mac_os_x:10.4.11"], "cvelist": ["CVE-2007-5850"], "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}, "description": "Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file.", "edition": 1, "enchantments": {}, "hash": "f09d8215d1719ac1405e1c490eca53fb1b58d0352308a9bc2f446f60e0609902", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "0cb209ff64e7324ff58bc5c6392b69e3", "key": "href"}, {"hash": "15285f5e856c218c3a37c15710e0baf3", "key": "description"}, {"hash": "a04f172ef3ad1bfd8b69c6c9144f52d4", "key": "cvelist"}, {"hash": "ea7b64a4f8523002e7e56fcbe8f31122", "key": "references"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "83ed499a17a2e06b5633a853046125be", "key": "title"}, {"hash": "11e15157f1af5801db8af66a0cf75f64", "key": "cvss"}, {"hash": "3ddae9d286fcd30e9ddef53a80014e56", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "96b9fb8cf84263d9da0af4c82568cd60", "key": "modified"}, {"hash": "c5b95961cedb7f71f566e9f5caeaac58", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5850", "id": "CVE-2007-5850", "lastseen": "2016-09-03T09:44:16", "modified": "2011-03-07T22:01:24", "objectVersion": "1.2", "published": "2007-12-19T16:46:00", "references": ["http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html", "http://www.us-cert.gov/cas/techalerts/TA07-352A.html", "http://docs.info.apple.com/article.html?artnum=307179", "http://xforce.iss.net/xforce/xfdb/39098", "http://securitytracker.com/id?1019106", "http://www.vupen.com/english/advisories/2007/4238", "http://www.securityfocus.com/bid/26910"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-5850", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T09:44:16"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "3ddae9d286fcd30e9ddef53a80014e56"}, {"key": "cvelist", "hash": "a04f172ef3ad1bfd8b69c6c9144f52d4"}, {"key": "cvss", "hash": "11e15157f1af5801db8af66a0cf75f64"}, {"key": "description", "hash": "15285f5e856c218c3a37c15710e0baf3"}, {"key": "href", "hash": "0cb209ff64e7324ff58bc5c6392b69e3"}, {"key": "modified", "hash": "886ef0acfbaf7e6039e1509c7e63e0c1"}, {"key": "published", "hash": "c5b95961cedb7f71f566e9f5caeaac58"}, {"key": "references", "hash": "7bef666586b25715e3ed7d319fd50ec1"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "83ed499a17a2e06b5633a853046125be"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "0261b68d8ce5088b7c94352f708cd8c37d7090880aacebb05e56b50adc4e4e2d", "viewCount": 0, "enchantments": {"vulnersScore": 9.3}, "objectVersion": "1.3", "cpe": ["cpe:/o:apple:mac_os_x:10.4.11"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"result": {"seebug": [{"id": "SSV:2771", "type": "seebug", "title": "Apple Mac OS X v10.5.1 2007-009 Multiple Security Vulnerabilities", "description": "CVE-2007-4708\r\nCVE-2007-4709\r\nCVE-2007-4710\r\nCVE-2007-5847\r\nCVE-2007-5848\r\nCVE-2007-5849\r\nCVE-2007-5850\r\nCVE-2007-5851\r\nCVE-2007-5853\r\nCVE-2007-5854\r\nCVE-2007-5855\r\nCVE-2007-5856\r\nCVE-2007-5857\r\nCVE-2007-5859\r\nCVE-2007-5876\r\nCVE-2007-5860\r\nCVE-2007-5861\r\n\r\nThese issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.\r\n\r\nAttackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.\r\n\r\nApple Mac OS X 10.5.1 and prior versions are vulnerable to these issues. \n\nrPath rPath Linux 1\r\nApple Mac OS X Server 10.5.1 \r\nApple Mac OS X Server 10.4.11 \r\nApple Mac OS X Server 10.4.10 \r\nApple Mac OS X Server 10.4.9 \r\nApple Mac OS X Server 10.4.8 \r\nApple Mac OS X Server 10.4.7 \r\nApple Mac OS X Server 10.4.6 \r\nApple Mac OS X Server 10.4.5 \r\nApple Mac OS X Server 10.4.4 \r\nApple Mac OS X Server 10.4.3 \r\nApple Mac OS X Server 10.4.2 \r\nApple Mac OS X Server 10.4.1 \r\nApple Mac OS X Server 10.4 \r\nApple Mac OS X Server 10.5\r\nApple Mac OS X 10.5.1 \r\nApple Mac OS X 10.4.11 \r\nApple Mac OS X 10.4.10 \r\nApple Mac OS X 10.4.9 \r\nApple Mac OS X 10.4.8 \r\nApple Mac OS X 10.4.7 \r\nApple Mac OS X 10.4.6 \r\nApple Mac OS X 10.4.5 \r\nApple Mac OS X 10.4.4 \r\nApple Mac OS X 10.4.3 \r\nApple Mac OS X 10.4.2 \r\nApple Mac OS X 10.4.1 \r\nApple Mac OS X 10.4 \r\nApple Mac OS X 10.5\r\n\n Apple Mac OS X Server 10.4.11 \r\n\r\nApple Security Update 2007-009 (10.4.11 PPC)\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=</a> 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg\r\n\r\nApple Security Update 2007-009 (10.4.11 Universal)\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=</a> 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg\r\n\r\n\r\nApple Mac OS X 10.4.11 \r\n\r\nApple Security Update 2007-009 (10.4.11 PPC)\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=</a> 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg\r\n\r\nApple Security Update 2007-009 (10.4.11 Universal)\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=</a> 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg\r\n\r\n\r\nApple Mac OS X Server 10.5.1 \r\n\r\nApple Security Update 2007-009 (10.5.1)\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat=</a> 1&platform=osx&method=sa/SecUpd2007-009.dmg\r\n\r\n\r\nApple Mac OS X 10.5.1 \r\n\r\nApple Security Update 2007-009 (10.5.1)\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat=</a> 1&platform=osx&method=sa/SecUpd2007-009.dmg", "published": "2008-01-06T00:00:00", "cvss": {"score": 9.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-2771", "cvelist": ["CVE-2007-4708", "CVE-2007-4709", "CVE-2007-4710", "CVE-2007-5847", "CVE-2007-5848", "CVE-2007-5849", "CVE-2007-5850", "CVE-2007-5851", "CVE-2007-5853", "CVE-2007-5854", "CVE-2007-5855", "CVE-2007-5856", "CVE-2007-5857", "CVE-2007-5859", "CVE-2007-5860", "CVE-2007-5861", "CVE-2007-5876"], "lastseen": "2017-11-19T21:51:06"}], "openvas": [{"id": "OPENVAS:102023", "type": "openvas", "title": "Mac OS X Security Update 2007-009", "description": "The remote host is missing Security Update 2007-009.\n One or more of the following components are affected:\n\n Address Book\n CFNetwork\n ColorSync\n Core Foundation\n CUPS\n Desktop Services\n Flash Player Plug-in\n GNU Tar\n iChat\n IO Storage Family\n Launch Services\n Mail\n perl\n python\n Quick Look\n ruby\n Safari\n Safari RSS\n Samba\n Shockwave Plug-in\n SMB\n Software Update\n Spin Tracer\n Spotlight\n tcpdump\n XQuery", "published": "2010-05-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=102023", "cvelist": ["CVE-2007-5855", "CVE-2007-6165", "CVE-2007-1662", "CVE-2007-4768", "CVE-2007-4351", "CVE-2007-5857", "CVE-2007-1661", "CVE-2007-6077", "CVE-2007-4709", "CVE-2007-5848", "CVE-2007-4572", "CVE-2007-5379", "CVE-2007-4710", "CVE-2007-1659", "CVE-2006-0024", "CVE-2007-5856", "CVE-2007-4965", "CVE-2007-5770", "CVE-2007-4708", "CVE-2007-5861", "CVE-2007-1660", "CVE-2007-5476", "CVE-2007-5858", "CVE-2007-5850", "CVE-2007-5116", "CVE-2007-5860", "CVE-2007-3798", "CVE-2007-4131", "CVE-2007-4767", "CVE-2007-5859", "CVE-2007-5851", "CVE-2007-3876", "CVE-2007-5398", "CVE-2007-5854", "CVE-2007-5863", "CVE-2007-4766", "CVE-2007-1218", "CVE-2007-5847", "CVE-2007-5849", "CVE-2007-5853", "CVE-2007-5380"], "lastseen": "2017-07-02T21:09:49"}, {"id": "OPENVAS:1361412562310102023", "type": "openvas", "title": "Mac OS X Security Update 2007-009", "description": "The remote host is missing Security Update 2007-009.", "published": "2010-05-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102023", "cvelist": ["CVE-2007-5855", "CVE-2007-6165", "CVE-2007-1662", "CVE-2007-4768", "CVE-2007-4351", "CVE-2007-5857", "CVE-2007-1661", "CVE-2007-6077", "CVE-2007-4709", "CVE-2007-5848", "CVE-2007-4572", "CVE-2007-5379", "CVE-2007-4710", "CVE-2007-1659", "CVE-2006-0024", "CVE-2007-5856", "CVE-2007-4965", "CVE-2007-5770", "CVE-2007-4708", "CVE-2007-5861", "CVE-2007-1660", "CVE-2007-5476", "CVE-2007-5858", "CVE-2007-5850", "CVE-2007-5116", "CVE-2007-5860", "CVE-2007-3798", "CVE-2007-4131", "CVE-2007-4767", "CVE-2007-5859", "CVE-2007-5851", "CVE-2007-3876", "CVE-2007-5398", "CVE-2007-5854", "CVE-2007-5863", "CVE-2007-4766", "CVE-2007-1218", "CVE-2007-5847", "CVE-2007-5849", "CVE-2007-5853", "CVE-2007-5380"], "lastseen": "2018-06-07T10:52:39"}], "nessus": [{"id": "MACOSX_SECUPD2007-009.NASL", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2007-009)", "description": "The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2007-009 applied. \n\nThis update contains several security fixes for a large number of programs.", "published": "2007-12-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29723", "cvelist": ["CVE-2007-5855", "CVE-2007-6165", "CVE-2007-1662", "CVE-2007-4768", "CVE-2007-4351", "CVE-2007-5857", "CVE-2007-1661", "CVE-2007-6077", "CVE-2007-4709", "CVE-2007-5848", "CVE-2007-4572", "CVE-2007-5379", "CVE-2007-4710", "CVE-2007-1659", "CVE-2006-0024", "CVE-2007-5856", "CVE-2007-4965", "CVE-2007-5770", "CVE-2007-4708", "CVE-2007-5861", "CVE-2007-1660", "CVE-2007-5476", "CVE-2007-5858", "CVE-2007-5850", "CVE-2007-5116", "CVE-2007-5860", "CVE-2007-3798", "CVE-2007-4131", "CVE-2007-4767", "CVE-2007-5859", "CVE-2007-5851", "CVE-2007-3876", "CVE-2007-5398", "CVE-2007-5854", "CVE-2007-5863", "CVE-2007-4766", "CVE-2007-1218", "CVE-2007-5847", "CVE-2007-5849", "CVE-2007-5853", "CVE-2007-5380"], "lastseen": "2018-07-15T03:33:31"}]}}