CVE-2007-2386

Apple Mac OS X <10.4.9 - Buffer Overflow

Title source: llm

Description

Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremoteosx

https://www.exploit-db.com/exploits/16871

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by ddz · rubypocosx

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/mdns/upnp_location.rb

View Code ZIP pw:eip

References (13)

[Vendor Advisory] http://docs.info.apple.com/article.html?artnum=305530

[Mailing List] http://lists.apple.com/archives/security-announce/2007/Jun/msg00001.html

[Mailing List] http://lists.apple.com/archives/security-announce/2007/May/msg00004.html

[US Government Resource] http://www.kb.cert.org/vuls/id/221876

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34493

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/24144

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/24159

[Third Party Advisory, VDB Entry] http://www.osvdb.org/35142

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018123

[Third Party Advisory] http://secunia.com/advisories/25402

[Third Party Advisory] http://secunia.com/advisories/25745

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1939

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/2269

Scores

EPSS 0.7416

EPSS Percentile 98.9%

Details

Status published

Products (9)

apple/mac_os_x 10.4

apple/mac_os_x 10.4.1

apple/mac_os_x 10.4.2

apple/mac_os_x 10.4.3

apple/mac_os_x 10.4.4

apple/mac_os_x 10.4.5

apple/mac_os_x 10.4.6

apple/mac_os_x 10.4.7

apple/mac_os_x 10.4.8

Published May 24, 2007

Tracked Since Feb 18, 2026