CVE-2007-6165
Mail in Apple Mac OS X Leopard (10.5.1) - RCE
Title source: llmDescription
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/16870
exploitdb
WRITEUP
VERIFIED
by heise Security · textremoteosx
https://www.exploit-db.com/exploits/30781
References (11)
Scores
EPSS
0.3855
EPSS Percentile
97.3%
Details
CWE
CWE-20
CWE-264
Status
published
Products (1)
apple/mac_os_x
10.5
Published
Nov 29, 2007
Tracked Since
Feb 18, 2026