VYPR

Ichat

by Apple Inc.

CVEs (12)

  • CVE-2009-0152HigMay 13, 2009
    risk 0.49cvss 7.5epss 0.02

    iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2007-0021Jan 23, 2007
    risk 0.05cvss epss 0.23

    Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI.

  • CVE-2007-0613Jan 31, 2007
    risk 0.04cvss epss 0.07

    The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted…

  • CVE-2007-0614Jan 31, 2007
    risk 0.04cvss epss 0.08

    The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.

  • CVE-2007-0710Feb 16, 2007
    risk 0.03cvss epss 0.03

    The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.

  • CVE-2007-2390May 24, 2007
    risk 0.01cvss epss 0.09

    Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.

  • CVE-2010-1374Jun 17, 2010
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation.

  • CVE-2007-5851Dec 19, 2007
    risk 0.00cvss epss 0.01

    iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.

  • CVE-2007-3748Aug 3, 2007
    risk 0.00cvss epss 0.02

    Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.

  • CVE-2007-3746Aug 3, 2007
    risk 0.00cvss epss 0.03

    The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet.

  • CVE-2007-3747Aug 3, 2007
    risk 0.00cvss epss 0.03

    The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet.

  • CVE-2004-0873Dec 23, 2004
    risk 0.00cvss epss 0.01

    Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execute arbitrary programs via a "link" that references the program.