Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.
2007-02-01T00:28:00.000
2025-04-09T00:30:58.490
Deferred
CVSSv2: 7.1 (HIGH)
AV:N/AC:M/Au:N/C:N/I:N/A:C
8.6
6.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | apple | mac_os_x | 10.4 | No |
Operating System | apple | mac_os_x | 10.4.1 | No |
Operating System | apple | mac_os_x | 10.4.2 | No |
Operating System | apple | mac_os_x | 10.4.3 | No |
Operating System | apple | mac_os_x | 10.4.4 | No |
Operating System | apple | mac_os_x | 10.4.5 | No |
Operating System | apple | mac_os_x | 10.4.6 | No |
Operating System | apple | mac_os_x | 10.4.7 | No |
Operating System | apple | mac_os_x | 10.4.8 | No |
Operating System | apple | mac_os_x | 10.4.9 | No |
Operating System | apple | mac_os_x | 10.4.10 | No |
Application | apple | imovie | 6.0.3 | Yes |
Application | apple | safari | * | Yes |
Operating System | apple | mac_os_x | 10.3.9 | Yes |