CVE-2004-0486

Current Description

HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.

Basic Data

PublishedJuly 07, 2004
Last ModifiedJuly 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:H/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityHIGH
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.6
SeverityHIGH
Exploitability Score4.9
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSAppleMac Os X10.3*******
    2.3OSAppleMac Os X10.3.1*******
    2.3OSAppleMac Os X10.3.2*******
    2.3OSAppleMac Os X10.3.3*******
    2.3OSAppleMac Os X Server10.3*******
    2.3OSAppleMac Os X Server10.3.1*******
    2.3OSAppleMac Os X Server10.3.2*******
    2.3OSAppleMac Os X Server10.3.3*******

Vulnerable Software List

VendorProductVersions
Apple Mac Os X Server 10.3, 10.3.1, 10.3.2, 10.3.3
Apple Mac Os X 10.3, 10.3.1, 10.3.2, 10.3.3

References

NameSourceURLTags
20040516 Vuln. MacOSX/Safari: Remote help-call, execute scriptshttp://archives.neohapsis.com/archives/fulldisclosure/2004-05/0837.htmlFULLDISC
APPLE-SA-2004-05-21http://lists.apple.com/mhonarc/security-announce/msg00053.htmlAPPLE
11622http://secunia.com/advisories/11622/SECUNIAPATCH Vendor Advisory
1010167http://securitytracker.com/id?1010167SECTRACK
http://www.fundisom.com/owned/warninghttp://www.fundisom.com/owned/warningMISCVendor Advisory
VU#578798http://www.kb.cert.org/vuls/id/578798CERT-VNPATCH Third Party Advisory US Government Resource
6184http://www.osvdb.org/6184OSVDB
10356http://www.securityfocus.com/bid/10356BIDExploit PATCH Vendor Advisory
macos-runscript-code-execution(16166)https://exchange.xforce.ibmcloud.com/vulnerabilities/16166XF