CVE-2011-0173

Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application.

Published: Mar 23, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-0173
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-134

Affected Software
References

Software	From	Fixed in
apple / mac_os_x	10.6.3	10.6.3.x
apple / mac_os_x	-	10.6.6.x
apple / mac_os_x	10.6.1	10.6.1.x
apple / mac_os_x	10.6.0	10.6.0.x
apple / mac_os_x	10.6.2	10.6.2.x
apple / mac_os_x	10.6.4	10.6.4.x
apple / mac_os_x	10.6.5	10.6.5.x
apple / applescript	-	-
apple / mac_os_x_server	10.6.3	10.6.3.x
apple / mac_os_x_server	-	10.6.6.x
apple / mac_os_x_server	10.6.4	10.6.4.x
apple / mac_os_x_server	10.6.5	10.6.5.x
apple / mac_os_x_server	10.6.1	10.6.1.x
apple / mac_os_x_server	10.6.2	10.6.2.x
apple / mac_os_x_server	10.6.0	10.6.0.x

Vulnerability Database

289,697

CVE-2011-0173