Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apple Software Update格式串处理漏洞
Vulnerability Description
Apple Software Update用于通过HTTP协议为终端用户分发补丁。 Apple Software Update在处理畸形的文件名时存在漏洞,远程攻击者可能利用此漏洞在客户端上执行任意指令。Software Update没有正确处理swutmp扩展中的文件名字符串,允许攻击者通过SWUTMP、SUCATALOG文件名中的格式串标识符或application/x-apple.sucatalog+xml MIME类型执行格式串攻击,导致拒绝服务或执行任意指令。
CVSS Information
N/A
Vulnerability Type
N/A