Описание
HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- PatchThird Party AdvisoryUS Government Resource
- ExploitPatchVendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- PatchThird Party AdvisoryUS Government Resource
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.13878
Средний
7.6 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.
EPSS
Процентиль: 94%
0.13878
Средний
7.6 High
CVSS2
Дефекты
NVD-CWE-Other