CyberSec.Space Logo
Back to CVE Browser

CVE-2013-5135

HIGH
7.5
CVSS Severity Score
EPSS Score0.0920%
EPSS Percentile26.35th
PublishedOct 24, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.

Affected Platforms (CPE)

πŸ“¦
Apple

Apple Remote Desktop

<= 3.5.3
πŸ“¦
Apple

Apple Remote Desktop

= 3.0.0
πŸ“¦
Apple

Apple Remote Desktop

= 3.1
πŸ“¦
Apple

Apple Remote Desktop

= 3.2
πŸ“¦
Apple

Apple Remote Desktop

= 3.2.1
πŸ“¦
Apple

Apple Remote Desktop

= 3.2.2
πŸ“¦
Apple

Apple Remote Desktop

= 3.3
πŸ“¦
Apple

Apple Remote Desktop

= 3.3.1
πŸ“¦
Apple

Apple Remote Desktop

= 3.3.2
πŸ“¦
Apple

Apple Remote Desktop

= 3.4
πŸ“¦
Apple

Apple Remote Desktop

= 3.5
πŸ“¦
Apple

Apple Remote Desktop

= 3.5.1
πŸ“¦
Apple

Apple Remote Desktop

= 3.5.2
πŸ’»
Apple

Mac Os X

<= 10.8.5
πŸ’»
Apple

Mac Os X

= 10.8.0
πŸ’»
Apple

Mac Os X

= 10.8.1
πŸ’»
Apple

Mac Os X

= 10.8.2
πŸ’»
Apple

Mac Os X

= 10.8.3
πŸ’»
Apple

Mac Os X

= 10.8.4
πŸ’»
Apple

Mac Os X

= 10.8.5

References & Advisories

πŸ”— http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
πŸ”— http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html
πŸ”— http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html
πŸ”— http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
πŸ”— http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html
πŸ”— http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html

Related Vulnerabilities

CVE-2004-096210.0

Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator a...

CVE-2008-25409.3

Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecogni...

CVE-2017-24887.5

A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Se...

CVE-2006-44137.2

Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remo...