CVE-2013-5135

Apple Mac OS X <10.9 - RCE

Title source: llm

Description

Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.

References (3)

[Vendor Advisory] http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html

[Vendor Advisory] http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html

[Vendor Advisory] http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html

Scores

EPSS 0.0304

EPSS Percentile 86.7%

Details

CWE

CWE-134

Status published

Products (20)

apple/apple_remote_desktop 3.0.0

apple/apple_remote_desktop 3.1

apple/apple_remote_desktop 3.2

apple/apple_remote_desktop 3.2.1

apple/apple_remote_desktop 3.2.2

apple/apple_remote_desktop 3.3

apple/apple_remote_desktop 3.3.1

apple/apple_remote_desktop 3.3.2

apple/apple_remote_desktop 3.4

apple/apple_remote_desktop 3.5

... and 10 more

Published Oct 24, 2013

Tracked Since Feb 18, 2026