CVE-2007-5863

Apple Mac OS X 10.5.1 - Command Injection

Title source: llm

Description

Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremoteosx

https://www.exploit-db.com/exploits/16867

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocosx

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/browser/software_update.rb

View Code ZIP pw:eip

References (9)

[Vendor Advisory] http://docs.info.apple.com/article.html?artnum=307179

[Mailing List] http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA07-352A.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39111

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/485237/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/26908

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1019106

[Third Party Advisory] http://secunia.com/advisories/28136

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/4238

Scores

EPSS 0.7439

EPSS Percentile 98.9%

Details

CWE

CWE-310

Status published

Products (2)

apple/mac_os_x 10.5.1

apple/mac_os_x_server 10.5.1

Published Dec 19, 2007

Tracked Since Feb 18, 2026