Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.6
CVE Id: CVE-2004-0486
Last Modified: 05 Sep 2008 04:38:32
Published: 07 Jul 2004 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2004-0486

Summary

HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.

Vulnerable Systems

Operating System

  • Apple Mac OS X 10.3
  • Apple Mac OS X 10.3.1
  • Apple Mac OS X 10.3.2
  • Apple Mac OS X 10.3.3
  • Apple Mac OS X Server 10.3
  • Apple Mac OS X Server 10.3.1
  • Apple Mac OS X Server 10.3.2
  • Apple Mac OS X Server 10.3.3


References

CERT-VN - VU#578798

BID - 10356

SECUNIA - 11622

XF - macos-runscript-code-execution(16166)

MISC - http://www.fundisom.com/owned/warning

APPLE - APPLE-SA-2004-05-21

OSVDB - 6184

SECTRACK - 1010167

FULLDISC - 20040516 Vuln. MacOSX/Safari: Remote help-call, execute scripts


Last Updated: 27 May 2016 10:38:37