Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Apple Mac OSX 10.5.x - Mail Arbitrary Code Execution

🗓️ 20 Nov 2007 00:00:00Reported by heise SecurityType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 29 Views

Apple Mac OSX 10.5.x - Mail Arbitrary Code Execution vulnerability in Mail ap

Related
Code
ReporterTitlePublishedViews
Family
CVE		CVE-2007-0395
19 Jan 200723:00
cve
Cvelist		CVE-2007-0395
19 Jan 200723:00
cvelist
EUVD		EUVD-2007-0397
7 Oct 202500:30
euvd
exploitpack		Apple Mac OSX 10.5.x - Mail Arbitrary Code Execution
20 Nov 200700:00
exploitpack
NVD		CVE-2007-0395
19 Jan 200723:28
nvd
Prion		Remote file inclusion
19 Jan 200723:28
prion
securityvulns		Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
18 Jan 200700:00
securityvulns
seebug.org		Apple Mac OS X 10.5.x Mail Arbitrary Code Execution Vulnerability
1 Jul 201400:00
seebug
source: https://www.securityfocus.com/bid/26510/info

Apple Mac OS X is prone to a vulnerability that can allow arbitrary code to run. This issue affects the Mail application when handling email attachments.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. This will compromise the application and possibly the underlying operating system.

This issue affects Mac OS X 10.5.

NOTE: This vulnerability may be related to CVE-2007-0395 documented in BID 16907 (Apple Mac OS X Security Update 2006-001 Multiple Vulnerabilities). Although the issues seem similar in nature, this may not be the very same underlying vulnerability. We will update this BID as more information emerges.

UPDATE (November 21, 2007): Reports indicate that this issue occurs because of an error in the application's quarantine feature. We have not confirmed this information.

UPDATE (December 17, 2007): This vulnerability stems from an unspecified implementation issue in the Launch Services application.
https://www.securityfocus.com/bid/16907 

/bin/ls -al
echo
echo
echo "heise Security: You are vulnerable."
echo
echo

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
20 Nov 2007 00:00Current
6.9Medium risk
Vulners AI Score6.9
CVSS 27.5
EPSS0.06242
apple mac os xvulnerabilitymail applicationarbitrary code executionsecurity updatelaunch servicesemail attachments
29