Description
Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit.
Exploits (1)
References (6)
http://www.securityfocus.com/bid/22086 (Exploit, Patch; vdb-entry; x_refsource_bid)
http://www.vupen.com/english/advisories/2007/0238 (Vendor Advisory; vdb-entry; x_refsource_vupen)
http://www.osvdb.org/32688 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_osvdb)
https://www.exploit-db.com/exploits/3139 (Exploit, Third Party Advisory; exploit; x_refsource_exploit-db)
http://projects.info-pull.com/moab/MOAB-16-01-2007.html (Exploit; x_refsource_misc)
http://secunia.com/advisories/23801 (Patch, Vendor Advisory; third-party-advisory; x_refsource_secunia)
Scores
EPSS: 0.2421
EPSS Percentile: 96.1%
Details
CWE: CWE-134
Status: published
Products (1): colloquy/colloquy < 2.1
Published: Jan 18, 2007
Tracked Since: Feb 18, 2026