CVE-2007-0465
Apple Installer 2.1.5 - Remote Code Execution via Format String in Package Filename
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-0465. PoCs published by LMH.
AI-analyzed exploit summary: This exploit leverages a format-string vulnerability in Apple Installer by crafting a malicious package filename with format specifiers and a memory address. The payload attempts to overwrite memory via format string manipulation, potentially leading to arbitrary code execution.
Description
Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename.
Exploits (1)
This exploit leverages a format-string vulnerability in Apple Installer by crafting a malicious package filename with format specifiers and a memory address. The payload attempts to overwrite memory via format string manipulation, potentially leading to arbitrary code execution.