CVE-2009-2191

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.

References

http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html

http://osvdb.org/56840

http://secunia.com/advisories/36096

http://support.apple.com/kb/HT3757

http://www.securityfocus.com/bid/35954

http://www.us-cert.gov/cas/techalerts/TA09-218A.html

http://www.vupen.com/english/advisories/2009/2172

https://exchange.xforce.ibmcloud.com/vulnerabilities/52428

Details

Source: MITRE

Published: 2009-08-06

Updated: 2017-08-17

Type: CWE-134

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (4 total)

IDNameProductFamilySeverity
800789Mac OS X 10.5 < 10.5.8 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high
5122Mac OS X 10.5 < 10.5.8 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
40502Mac OS X 10.5.x < 10.5.8 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
40501Mac OS X Multiple Vulnerabilities (Security Update 2009-003)NessusMacOS X Local Security Checks
critical