Intrusion Prevention

Apple.Installer.Package.Filename.Format.String

Description

This indicates a possible exploit of a format-string vulnerability in Apple Installer on Mac OS X.
This vulnerability is caused by the application's failure to properly sanitize user input. Remote attackers may exploit this to execute arbitrary code by sending format string specifiers in the package file name.
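
The following C check is an added example, not this signature's detection logic and not Apple's code. It counts printf-style conversion specifications in a package file name and reports the name through a fixed format string, so the name is only ever data; the function names and sample file names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count printf/NSLog-style conversion specifications in a file name.
 * "%%" is a literal percent sign and is not counted. */
int count_format_specs(const char *name)
{
    int count = 0;
    const char *p = name;

    while ((p = strchr(p, '%')) != NULL) {
        p++;                                   /* step past '%' */
        if (*p == '%') { p++; continue; }      /* escaped percent */
        p += strspn(p, "0123456789$*.-+ #'");  /* flags, width, precision, n$ */
        p += strspn(p, "hlLqjzt");             /* length modifiers */
        /* '@' is the Cocoa object specifier used by NSLog/NSString formats */
        if (*p != '\0' && strchr("diouxXeEfFgGaAcsCSpn@", *p) != NULL) {
            count++;
            p++;
        }
    }
    return count;
}

/* Build a report line. The file name is passed as an argument to a
 * constant format string, never used as the format itself. */
const char *describe_package(const char *name)
{
    static char buf[512];
    snprintf(buf, sizeof buf, "package \"%s\": %d format specifier(s)",
             name, count_format_specs(name));
    return buf;
}

int main(void)
{
    /* Constructed sample names, not taken from any real package. */
    const char *samples[] = {
        "Update-1.0.pkg", "Demo%x%x%s.pkg", "50%%off.pkg",
        "100% done.pkg", "Tool%1$s%-08.3lf.pkg", "trailing%",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        puts(describe_package(samples[i]));
    return 0;
}
```

A name such as "100% done.pkg" is flagged because printf parses "% d" as a conversion with the space flag, so a benign-looking name can still be unsafe to use as a format string.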

Affected Products

Apple Installer 2.1.5

Impact

Privilege escalation.

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.apple.com/

CVE References

CVE-2007-0465