7.6

CVE-2004-0486

Exploit
HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApplemacOS X Version10.3
ApplemacOS X Version10.3.1
ApplemacOS X Version10.3.2
ApplemacOS X Version10.3.3
ApplemacOS X Server Version10.3
ApplemacOS X Server Version10.3.1
ApplemacOS X Server Version10.3.2
ApplemacOS X Server Version10.3.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.66% 0.949
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/mhonarc/security-announce/msg00053.html
http://secunia.com/advisories/11622/
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16166
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0837.html
http://securitytracker.com/id?1010167
http://www.fundisom.com/owned/warning
Vendor Advisory
http://www.kb.cert.org/vuls/id/578798
Patch
Third Party Advisory
US Government Resource
http://www.osvdb.org/6184
http://www.securityfocus.com/bid/10356
Patch
Vendor Advisory
Exploit