Vulnerability Details CVE-2009-1717
Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 85.1%
CVSS Severity
CVSS v2 Score 6.8
References
- http://dvlabs.tippingpoint.com/advisory/TPTI-09-04
- http://securitytracker.com/id?1022322
- http://support.apple.com/kb/HT3549
- http://www.securityfocus.com/archive/1/504031/100/0/threaded
- http://www.securityfocus.com/bid/35182
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50982
- http://dvlabs.tippingpoint.com/advisory/TPTI-09-04
- http://securitytracker.com/id?1022322
- http://support.apple.com/kb/HT3549
- http://www.securityfocus.com/archive/1/504031/100/0/threaded
- http://www.securityfocus.com/bid/35182
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50982
Products affected by CVE-2009-1717
-
cpe:2.3:o:apple:mac_os_x:10.5
-
cpe:2.3:o:apple:mac_os_x:10.5.0
-
cpe:2.3:o:apple:mac_os_x:10.5.1
-
cpe:2.3:o:apple:mac_os_x:10.5.2
-
cpe:2.3:o:apple:mac_os_x:10.5.3
-
cpe:2.3:o:apple:mac_os_x:10.5.4
-
cpe:2.3:o:apple:mac_os_x:10.5.5
-
cpe:2.3:o:apple:mac_os_x:10.5.6
-
cpe:2.3:o:apple:mac_os_x_server:10.5
-
cpe:2.3:o:apple:mac_os_x_server:10.5.0
-
cpe:2.3:o:apple:mac_os_x_server:10.5.1
-
cpe:2.3:o:apple:mac_os_x_server:10.5.2
-
cpe:2.3:o:apple:mac_os_x_server:10.5.3
-
cpe:2.3:o:apple:mac_os_x_server:10.5.4
-
cpe:2.3:o:apple:mac_os_x_server:10.5.5
-
cpe:2.3:o:apple:mac_os_x_server:10.5.6