Unrated severityNVD Advisory· Published Oct 24, 2013· Updated Jun 16, 2026
CVE-2013-5135
CVE-2013-5135
Description
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.
Affected products
22cpe:2.3:a:apple:apple_remote_desktop:*:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:apple:apple_remote_desktop:*:*:*:*:*:*:*:*range: <=3.5.3
- cpe:2.3:a:apple:apple_remote_desktop:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:apple_remote_desktop:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:apple_remote_desktop:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:apple_remote_desktop:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:apple_remote_desktop:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:apple_remote_desktop:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:apple_remote_desktop:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:apple_remote_desktop:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:apple_remote_desktop:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:apple_remote_desktop:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:apple:apple_remote_desktop:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:apple_remote_desktop:3.5.2:*:*:*:*:*:*:*
- (no CPE)range: <3.5.4
cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:supplemental_update:*:*:*:*:*:*range: <=10.8.5
- (no CPE)range: <10.9
Patches
Vulnerability mechanics
References
3- lists.apple.com/archives/security-announce/2013/Oct/msg00004.htmlnvdVendor Advisory
- lists.apple.com/archives/security-announce/2013/Oct/msg00007.htmlnvdVendor Advisory
- lists.apple.com/archives/security-announce/2013/Oct/msg00008.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.