CVE-2011-1516

Apple Mac OS X 10.5.x-10.7.x - Privilege Escalation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1516.

AI-analyzed exploit summary: The provided code is a functional Python exploit for multiple SAP Netweaver Dispatcher vulnerabilities, including buffer overflows and DoS conditions. It demonstrates how to craft malicious SAP Diag packets to trigger vulnerabilities in functions like DiagTraceR3Info and DiagTraceHex.

Description

The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303.

Exploits (1)

exploitdb WORKING POC
dos · windows
https://www.exploit-db.com/exploits/18853

Classification: Working PoC 100%
Attack Type: RCE | DoS
Complexity: Moderate
Reliability: Reliable
Target: SAP Netweaver 7.0 EHP1/EHP2 (disp+work.exe)
Authentication: No auth needed
Prerequisites: Network access to SAP Dispatcher service (TCP port 32NN) · Developer Trace level 2 or 3 for certain vulnerabilities
Analysis: devstral-2 · analyzed Feb 19, 2026

References (2)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520479/100/100/threaded

Scores

EPSS 0.0365
EPSS Percentile 88.2%

Details

CWE: CWE-264
Status: published
Products (21)
apple/mac_os_x 10.5.0
apple/mac_os_x 10.5.1
apple/mac_os_x 10.5.2
apple/mac_os_x 10.5.3
apple/mac_os_x 10.5.4
apple/mac_os_x 10.5.5
apple/mac_os_x 10.5.6
apple/mac_os_x 10.5.7
apple/mac_os_x 10.5.8
apple/mac_os_x 10.6.0
... and 11 more
Published Nov 15, 2011
Tracked Since Feb 18, 2026