CVE-2011-0173

AppleScript <10.6.7 - RCE

Title source: llm

Description

Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application.

References (2)

[Patch, Vendor Advisory] http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

[Patch, Vendor Advisory] http://support.apple.com/kb/HT4581

Scores

EPSS 0.0066

EPSS Percentile 71.2%

Details

CWE

CWE-134

Status published

Products (15)

apple/applescript

apple/mac_os_x 10.6.0

apple/mac_os_x 10.6.1

apple/mac_os_x 10.6.2

apple/mac_os_x 10.6.3

apple/mac_os_x 10.6.4

apple/mac_os_x 10.6.5

apple/mac_os_x < 10.6.6

apple/mac_os_x_server 10.6.0

apple/mac_os_x_server 10.6.1

... and 5 more

Published Mar 23, 2011

Tracked Since Feb 18, 2026