CWE-200

Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information.

Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type (1) 0x2728, which provides operating system and path information; (2) 0x274e, which lists Ethernet adapters; (3) 0x2726, which provides filesystem information; (4) 0x274f, which specifies the printer driver; or (5) 0x2757, which provides recent log entries.

notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications.

Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings.

Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods.

The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods.