Signature Detail

HTTP: Apple iChat AIM URL Handler Remote Format String Vulnerability

This signature detects attempts to exploit a know vulnerability in Apple iChat. An attacker can create a malicious Web site with Web pages containing dangerous format string urls, which if accessed by a victim, allows the attacker to can gain control of the target system.

Extended Description

Apple iChat is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application and to compromise affected computers. Apple iChat version 3.1.6 (v441) is reported vulnerable; other versions may also be affected.

Affected Products

• Apple iChat 3.1.6

References

• BugTraq: 22146
• CVE: CVE-2007-0021
• URL: http://www.kb.cert.org/vuls/id/794752
• URL: http://lists.apple.com/archives/Security-announce/2007/Feb/msg00000.html