cpe:/a:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x:10.5.7 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.7 CVE-2009-2191 2009-08-06T12:30:00.390-04:00 2017-08-16T21:30:41.460-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-08-07T10:07:00.000-04:00 ALLOWS_USER_ACCESS BID 35954 SECUNIA 36096 OSVDB 56840 VUPEN ADV-2009-2172 APPLE APPLE-SA-2009-08-05-1 CERT TA09-218A CONFIRM http://support.apple.com/kb/HT3757 XF macosx-loginwindow-format-string(52428) Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.