Vulnerability Description
Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format string specifiers in the extension argument.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Roxio | Toast | All versions |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049452.html
- http://marc.info/?l=bugtraq&m=110305083706943&w=2
- http://www.netragard.com/pdfs/research/apple-kext-tools-20060822.txt
- http://www.securityfocus.com/bid/11926
- http://www.securityfocus.com/bid/20031
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18472
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049452.html
- http://marc.info/?l=bugtraq&m=110305083706943&w=2
- http://www.netragard.com/pdfs/research/apple-kext-tools-20060822.txt
- http://www.securityfocus.com/bid/11926
- http://www.securityfocus.com/bid/20031
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18472
FAQ
What is CVE-2004-1398?
CVE-2004-1398 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format ...
How severe is CVE-2004-1398?
CVE-2004-1398 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1398?
Check the references section above for vendor advisories and patch information. Affected products include: Roxio Toast.