Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1032

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-1032
Last Modified 07 Mar 2011 12:00:00
Published 02 Jun 2008 05:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1032

Summary

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.4.11

  • Apple Mac Os X 10.5

  • Apple Mac Os X 10.5.1

  • Apple Mac Os X 10.5.2

  • Apple Mac Os X Server 10.4.11

  • Apple Mac Os X Server 10.5

  • Apple Mac Os X Server 10.5.1

  • Apple Mac Os X Server 10.5.2


References

CERT - TA08-150A

BID - 29412

APPLE - APPLE-SA-2008-05-28

XF - macosx-coretypes-weak-security(42711)

VUPEN - ADV-2008-1697

BID - 29481

SECTRACK - 1020137

SECUNIA - 30430

Related Patches

Apple 2008-05-28 Security Update 2008-003 (PPC)

Apple 2008-05-28 Security Update 2008-003 Server (PPC)

Apple 2008-05-28 Mac OS X Server 10.5.3 Combo Update

Apple 2008-05-28 Security Update 2008-003 (Intel)

Apple 2008-05-28 Security Update 2008-003 Server (Universal)

Apple 2008-05-28 Mac OS X Server 10.5.3 Update

Apple 2008-05-28 Mac OS X 10.5.3 Combo Update (Rev 2)

Apple 2008-05-28 Mac OS X 10.5.3 Update


Last Updated: 27 May 2016 10:47:00