Intrusion PreventionApple.iChat.aim.URL.Handler.Format.String
Description
This indicates an attack attempt against format string vulnerability in Apple iChat.
The vulnerability is caused by an error when handling an "aim://" URI with a specially crafted argument, which could be exploited by attackers to crash a vulnerable application or potentially compromise an affected system by enticing users into visiting a specially crafted web page.
Affected Products
Apple Mac OS X version 10.3.9 and prior.
Apple Mac OS X Server version 10.3.9 and prior.
Apple Mac OS X version 10.4.8 and prior.
Apple Mac OS X Server version 10.4.8 and prior.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply patch, available from the web site:
Security Update 2007-002 (Universal):
Security Update 2007-002 (PPC):
Security Update 2007-002 (Panther):
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 14215 |
| Created | Feb 28, 2007 |
| Updated | Nov 15, 2021 |
| Risk |
|
| CVE ID | CVE-2007-0021 |
| Exploit Prediction Score | 49.23% |
| Default Action | drop |
| Active | |
| Affected OS | MacOS |
| Affected App | Apple, IM |