CVE-2007-0463
Description
Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows DoS or arbitrary code execution via crafted filenames or MIME types.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A format string vulnerability exists in Apple Software Update version 2.0.5 on Mac OS X 10.4.8. The application passes user-supplied input to a formatted-printing function as the format string without sanitizing it first, so any format specifiers in crafted input are interpreted by that function.
Exploitation
Attackers can exploit this vulnerability by creating specially crafted filenames such as SWUTMP or SUCATALOG, or by using the application/x-apple.sucatalog+xml MIME type. For example, an attacker could create a file named %x.%x.%x.%x.%x.%x.%x.swutmp and attempt to open it [1].
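The bug class described above, as an added C example that is not Apple's code and not part of the original record: a heuristic check for format directives in an untrusted filename, and the hardened call that passes the name as an argument to a constant format string. The function names and the error message text are assumptions; the sample filename is the one quoted above.

```c
#include <stdio.h>
#include <string.h>

/* Heuristic check: count printf-style conversion directives in an
 * untrusted string. "%%" is a literal percent sign and is skipped. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%') {      /* escaped percent, not a directive */
            i++;
            continue;
        }
        if (s[i + 1] != '\0')       /* '%' introducing a directive */
            n++;
    }
    return n;
}

/* Hardened pattern: the untrusted name is passed as an argument to a
 * constant format string. The vulnerable form would instead be
 *     snprintf(out, outlen, filename);
 * which lets the formatter interpret any directives in the name. */
int format_open_error(char *out, size_t outlen, const char *filename)
{
    return snprintf(out, outlen, "Cannot open \"%s\"", filename);
}

int main(void)
{
    /* Sample filename quoted in the record above. */
    const char *name = "%x.%x.%x.%x.%x.%x.%x.swutmp";
    char msg[128];

    format_open_error(msg, sizeof msg, name);
    printf("directives in name: %d\n", count_format_directives(name));
    printf("%s\n", msg);
    return 0;
}
```

Compiling with -Wformat -Wformat-security (GCC and Clang) flags calls where a non-literal string is used as the format with no arguments.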
Impact
A successful exploit can lead to a denial of service by crashing the application, or potentially allow for arbitrary code execution. This could facilitate unauthorized access or privilege escalation within the context of the user running the application [1].
Mitigation
Not yet disclosed in the available references.
AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:apple:software_update:2.0.5:*:*:*:*:*:*:*
- (no CPE) range: = 2.0.5
Patches
No patches discovered yet.
References
- projects.info-pull.com/moab/MOAB-24-01-2007.html (nvd; Exploit, Vendor Advisory)
- www.us-cert.gov/cas/techalerts/TA07-072A.html (nvd; US Government Resource)
- docs.info.apple.com/article.html (nvd)
- lists.apple.com/archives/security-announce/2007/Mar/msg00002.html (nvd)
- secunia.com/advisories/24479 (nvd)
- www.osvdb.org/32703 (nvd)
- www.securityfocus.com/bid/22222 (nvd)
- www.securitytracker.com/id (nvd)
- www.vupen.com/english/advisories/2007/0337 (nvd)
- www.vupen.com/english/advisories/2007/0930 (nvd)