Apple iChat AIM URL Handler Remote Format String Vulnerability

Bugtraq ID:	22146
Class:	Input Validation Error
CVE:	CVE-2007-0021
Remote:	Yes
Local:	No
Published:	Jan 20 2007 12:00AM
Updated:	Feb 20 2007 08:27PM
Credit:	LMH <[email protected]> is credited with the discovery of this vulnerability.
Vulnerable:	Apple iChat 3.1.6
Not Vulnerable:

Apple iChat AIM URL Handler Remote Format String Vulnerability

Apple iChat is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application and to compromise affected computers.

Apple iChat version 3.1.6 (v441) is reported vulnerable; other versions may also be affected.

Apple iChat AIM URL Handler Remote Format String Vulnerability

To exploit this issue, an attacker must entice a victim user to open a malicious file.

The following proof of concept is available:

• /data/vulnerabilities/exploits/MOAB-20-01-2007.html

Apple iChat AIM URL Handler Remote Format String Vulnerability

Solution:
The vendor has released fixes to address this issue. Please see the references for more information.

Apple iChat AIM URL Handler Remote Format String Vulnerability

References:

• iChat Home Page (Apple)
  
• MOAB-20-01-2007: Apple iChat aim:// URL Handler Format String Vulnerability (LMH )
  
• Vulnerability Note VU#794752 - Apple iChat AIM URI handler format string vulnera (US-CERT)