Vulnerability Details CVE-2010-1376
Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.037
EPSS Ranking 87.5%
CVSS Severity
CVSS v2 Score 6.8
References
- http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
- http://secunia.com/advisories/40220
- http://securitytracker.com/id?1024103
- http://support.apple.com/kb/HT4188
- http://www.securityfocus.com/bid/40871
- http://www.vupen.com/english/advisories/2010/1481
- http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
- http://secunia.com/advisories/40220
- http://securitytracker.com/id?1024103
- http://support.apple.com/kb/HT4188
- http://www.securityfocus.com/bid/40871
- http://www.vupen.com/english/advisories/2010/1481
Products affected by CVE-2010-1376
-
cpe:2.3:o:apple:mac_os_x:10.6.0
-
cpe:2.3:o:apple:mac_os_x:10.6.1
-
cpe:2.3:o:apple:mac_os_x:10.6.2
-
cpe:2.3:o:apple:mac_os_x:10.6.3
-
cpe:2.3:o:apple:mac_os_x_server:10.6.0
-
cpe:2.3:o:apple:mac_os_x_server:10.6.1
-
cpe:2.3:o:apple:mac_os_x_server:10.6.2
-
cpe:2.3:o:apple:mac_os_x_server:10.6.3