CVE-2004-0486

critical

Description

HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code. The issue was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/16166

http://www.osvdb.org/6184

http://www.kb.cert.org/vuls/id/578798

http://www.fundisom.com/owned/warning

http://securitytracker.com/id?1010167

http://secunia.com/advisories/11622/

http://lists.apple.com/mhonarc/security-announce/msg00053.html

http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0837.html

Details

Source: Mitre, NVD

Published: 2004-07-07

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical