ID

VAR-200407-0073


CVE

CVE-2004-0485


TITLE

Apple Mac OS X help system may interpret inappropriate local script files

Trust: 0.8

sources: CERT/CC: VU#578798

DESCRIPTION

The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 10.2.8 allows remote attackers to write arbitrary files by causing a disk image file (.dmg) to be mounted as a disk volume. Remote attackers may potentially use this vulnerability to create files on the local system without explicit user consent. We have not independently verified the scope of this vulnerability report. Apple Mac OS X contains an unspecified vulnerability. Details on the nature of this vulnerability are not known at this time. There is a range of possibilities: from a vulnerability that allows for URLs to be obfuscated to full remote command execution through malicious URLs. This alert will be updated as new information becomes available.

Trust: 3.42

sources: NVD: CVE-2004-0485 // CERT/CC: VU#578798 // CERT/CC: VU#210606 // JVNDB: JVNDB-2004-000930 // BID: 10400 // VULHUB: VHN-8915

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.2.8

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.3.3

Trust: 1.6

vendor: apple computer, model: -, scope: -, version: -

Trust: 0.8

vendor: アップル, model: apple mac os x, scope: eq, version: -

Trust: 0.8

vendor: アップル, model: apple mac os x, scope: eq, version: 10.3.3

Trust: 0.8

vendor: アップル, model: apple mac os x, scope: eq, version: 10.2.8

Trust: 0.8

vendor: apple, model: mac os server, scope: eq, version: x10.3.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2.8

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2.7

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2.6

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2.5

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2.8

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2.7

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2

Trust: 0.3

vendor: apple, model: mac os server, scope: ne, version: x10.3.4

Trust: 0.3

vendor: apple, model: mac os, scope: ne, version: x10.3.4

Trust: 0.3

sources: CERT/CC: VU#578798 // BID: 10400 // JVNDB: JVNDB-2004-000930 // CNNVD: CNNVD-200407-032 // NVD: CVE-2004-0485

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0485
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#578798
value: 19.89

Trust: 0.8

CARNEGIE MELLON: VU#210606
value: 18.00

Trust: 0.8

NVD: CVE-2004-0485
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200407-032
value: MEDIUM

Trust: 0.6

VULHUB: VHN-8915
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-0485
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-8915
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#578798 // CERT/CC: VU#210606 // VULHUB: VHN-8915 // JVNDB: JVNDB-2004-000930 // CNNVD: CNNVD-200407-032 // NVD: CVE-2004-0485

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2004-000930 // NVD: CVE-2004-0485

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200407-032

TYPE

Unknown

Trust: 0.9

sources: BID: 10400 // CNNVD: CNNVD-200407-032

PATCH

title: top page, url: https://www.apple.com/

Trust: 0.8

sources: JVNDB: JVNDB-2004-000930

EXTERNAL IDS

db: SECUNIA, id: 11622

Trust: 4.1

db: NVD, id: CVE-2004-0485

Trust: 3.6

db: CERT/CC, id: VU#210606

Trust: 3.3

db: SECTRACK, id: 1010167

Trust: 1.6

db: CERT/CC, id: VU#578798

Trust: 0.8

db: JVNDB, id: JVNDB-2004-000930

Trust: 0.8

db: CNNVD, id: CNNVD-200407-032

Trust: 0.7

db: XF, id: 16166

Trust: 0.6

db: APPLE, id: APPLE-SA-2004-05-28

Trust: 0.6

db: APPLE, id: APPLE-SA-2004-05-21

Trust: 0.6

db: BID, id: 10400

Trust: 0.4

db: VULHUB, id: VHN-8915

Trust: 0.1

sources: CERT/CC: VU#578798 // CERT/CC: VU#210606 // VULHUB: VHN-8915 // BID: 10400 // JVNDB: JVNDB-2004-000930 // CNNVD: CNNVD-200407-032 // NVD: CVE-2004-0485

REFERENCES

url:http://secunia.com/advisories/11622/

Trust: 4.1

url:http://www.kb.cert.org/vuls/id/210606

Trust: 2.5

url:http://fundisom.com/owned/warning

Trust: 2.5

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/16166

Trust: 1.9

url:http://lists.apple.com/mhonarc/security-announce/msg00053.html

Trust: 1.7

url:http://lists.seifried.org/pipermail/security/2004-may/003743.html

Trust: 1.7

url:http://www.securitytracker.com/alerts/2004/may/1010167.html

Trust: 1.6

url:http://docs.info.apple.com/article.html?artnum=61798

Trust: 0.8

url:http://www.apple.com/support/security/security_updates.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2004-0485

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/16166

Trust: 0.6

sources: CERT/CC: VU#578798 // CERT/CC: VU#210606 // VULHUB: VHN-8915 // JVNDB: JVNDB-2004-000930 // CNNVD: CNNVD-200407-032 // NVD: CVE-2004-0485

CREDITS

Reni Puls※ rpuls@gmx.net

Trust: 0.6

sources: CNNVD: CNNVD-200407-032

SOURCES

db: CERT/CC, id: VU#578798
db: CERT/CC, id: VU#210606
db: VULHUB, id: VHN-8915
db: BID, id: 10400
db: JVNDB, id: JVNDB-2004-000930
db: CNNVD, id: CNNVD-200407-032
db: NVD, id: CVE-2004-0485

LAST UPDATE DATE

2024-08-14T13:51:16.303000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#578798, date: 2004-05-24T00:00:00
db: CERT/CC, id: VU#210606, date: 2006-05-01T00:00:00
db: VULHUB, id: VHN-8915, date: 2017-07-11T00:00:00
db: BID, id: 10400, date: 2009-07-12T05:16:00
db: JVNDB, id: JVNDB-2004-000930, date: 2024-06-07T08:58:00
db: CNNVD, id: CNNVD-200407-032, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2004-0485, date: 2017-07-11T01:30:11.823

SOURCES RELEASE DATE

db: CERT/CC, id: VU#578798, date: 2004-05-21T00:00:00
db: CERT/CC, id: VU#210606, date: 2004-05-21T00:00:00
db: VULHUB, id: VHN-8915, date: 2004-07-07T00:00:00
db: BID, id: 10400, date: 2004-05-22T00:00:00
db: JVNDB, id: JVNDB-2004-000930, date: 2024-06-07T00:00:00
db: CNNVD, id: CNNVD-200407-032, date: 2004-05-22T00:00:00
db: NVD, id: CVE-2004-0485, date: 2004-07-07T04:00:00