CVE-2013-5135

Apple Remote Desktop < 3.5.4 - Remote Code Execution via VNC Username Format String

Title source: llm
STIX 2.1

Description

Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.

References (3)

Core 3
Core References
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html

Scores

EPSS 0.1083
EPSS Percentile 95.3%

Details

CWE
CWE-134
Status published
Products (20)
apple/apple_remote_desktop 3.0.0
apple/apple_remote_desktop 3.1
apple/apple_remote_desktop 3.2
apple/apple_remote_desktop 3.2.1
apple/apple_remote_desktop 3.2.2
apple/apple_remote_desktop 3.3
apple/apple_remote_desktop 3.3.1
apple/apple_remote_desktop 3.3.2
apple/apple_remote_desktop 3.4
apple/apple_remote_desktop 3.5
... and 10 more
Published Oct 24, 2013
Tracked Since Feb 18, 2026