8 matches found
CVE-2007-0021
Apple iChat 3.1.6 is affected by a format string vulnerability in the AIM URI handler. A remote attacker could exploit crafted aim:// URIs to cause a denial of service (null pointer dereference) and possibly execute arbitrary code. The issue is remediated by Apple Security Update 2007-002 (Mac OS...
CVE-2007-3748
CVE-2007-3748 describes a buffer overflow in the UPnP IGD code used by iChat on macOS X 10.3.9 and 10.4.10. The issue allows network-adjacent remote attackers to execute arbitrary code by sending a crafted packet, per the connected documents. Affected component: UPnP IGD implementation in iChat. ...
CVE-2007-0613
The CVE-2007-0613 issue affects Apple Mac OS X 10.4.8 components including Bonjour in mDNSResponder, iChat 3.1.6, and the InstantMessage framework 428. The vulnerability arises because the Bonjour service does not deduplicate newly discovered presence entries, allowing a remote attacker to cause ...
CVE-2007-3747
CVE-2007-3747 affects Apple Mac OS X 10.3.9 and 10.4.10 via the CoreAudio Java interface. The issue allows remote attackers to execute arbitrary code by crafting an applet because object instantiation/manipulation is not restricted to valid heap addresses. Public sources describe this as a remote...
CVE-2007-0710
Summary (CVE-2007-0710) The Bonjour functionality in iChat on Apple Mac OS X 10.3.9 is affected. The vulnerability allows a remote attacker on the same network to cause a denial of service (persistent application crash) by triggering how iChat/Bonjour handles certain TXT records (TXT key hashes)....
CVE-2007-0614
The CVE-2007-0614 entry concerns the Bonjour functionality in Apple Mac OS X 10.4.8, specifically in mDNSResponder, iChat 3.1.6, and the InstantMessage framework (428). The vulnerability is triggered by a crafted phsh hash attribute in a TXT DNS TXT record, leading to a denial of service via a pe...
CVE-2007-3746
The CVE-2007-3746 issue affects Apple Mac OS X CoreAudio: the Java interface mishandles heap bounds during read/write, enabling remote code execution via a crafted applet on Mac OS X 10.3.9/10.4.10. Available connected documents corroborate the CoreAudio Java interface as the vulnerable component...
CVE-2004-0873
Apple iChat AV 2.1, AV 2.0, and 1.0.1 are affected by a remote code-execution vulnerability where a crafted "link" referencing a program can cause arbitrary commands to run on the target. This is a network-type issue with low attack complexity, no authentication, and partial confidentiality/integ...