7.5
CVE-2002-0676
- EPSS 4.27%
- Veröffentlicht 11.07.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:57:55
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.27% | 0.898 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://www.cunap.com/~hardingr/projects/osx/exploit.html
http://www.iss.net/security_center/static/9502.php
http://www.osvdb.org/5137
http://www.securityfocus.com/bid/5176