CVE-2012-4284

Опубликовано: 10 янв. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code

Ссылки

http://www.exploit-db.com/exploits/24579
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/55002
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
https://www.sparklabs.com/viscosity/releasenotes/mac/
Release Notes
Vendor Advisory
http://www.exploit-db.com/exploits/24579
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/55002
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
https://www.sparklabs.com/viscosity/releasenotes/mac/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sparklabs:viscosity:1.4.1:*:*:*:*:macos:*:*

EPSS

Процентиль: 98%

0.49444

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-f8g5-wppw-9vhr

github

почти 4 года назад