Sign-up

ID

VAR-200407-0074


CVE

CVE-2004-0486


TITLE

Apple Mac OS X Help Protocol Remote Code Execution Vulnerability

Trust: 0.9

sources: BID: 10356 // CNNVD: CNNVD-200407-027

DESCRIPTION

HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler. A vulnerability has been reported in the default "disk://" protocol handler installed on Apple Mac OS X systems. Remote attackers may potentially use this vulnerability to create files on the local system without explicit user consent. We have not independently verified the scope of this vulnerability report. apple's Apple Mac OS X and Apple Mac OS X Server Exists in unspecified vulnerabilities.None. It has been reported that the 'help:' protocol can be invoked remotely by the Safari web browser. This could allow an attacker to craft a malicious link and entice a user to follow the link in order to execute script code via the help application. It has been reported that this issue can be exploited to execute arbitrary code with minimal user interaction. Reportedly, an attacker can exploit this issue by simply enticing a user to visit a malicious site. An attacker can also use HTML email as an attack vector to exploit this vulnerability. For example, an attacker can embed HTML into Apple Mail and send it as a link to a vulnerable user. If the user follows the link, script code will be executed. Successful exploitation of this issue may allow a remote attacker to gain unauthorized access to a vulnerable system in the context of an affected user. Other web browsers that support the 'help:' protocol may also present an attack vector for this issue

Trust: 3.42

sources: NVD: CVE-2004-0486 // CERT/CC: VU#578798 // CERT/CC: VU#210606 // JVNDB: JVNDB-2004-000932 // BID: 10356 // VULHUB: VHN-8916

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.3.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.3.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.3.2

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3.3

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.3

Trust: 1.6

vendor:apple computermodel: - scope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope:eqversion:10.3.2

Trust: 0.8

vendor:アップルmodel:apple mac os x serverscope:eqversion:10.3.1

Trust: 0.8

vendor:アップルmodel:apple mac os x serverscope:eqversion:10.3

Trust: 0.8

vendor:アップルmodel:apple mac os xscope:eqversion:server 10.3.1

Trust: 0.8

vendor:アップルmodel:apple mac os xscope:eqversion:server 10.3.2

Trust: 0.8

vendor:アップルmodel:apple mac os x serverscope:eqversion:10.3.3

Trust: 0.8

vendor:アップルmodel:apple mac os x serverscope:eqversion:10.3.2

Trust: 0.8

vendor:アップルmodel:apple mac os xscope:eqversion:10.3.1

Trust: 0.8

vendor:アップルmodel:apple mac os xscope:eqversion:10.3

Trust: 0.8

vendor:アップルmodel:apple mac os xscope:eqversion:server 10.3.3

Trust: 0.8

vendor:アップルmodel:apple mac os xscope:eqversion:server 10.3

Trust: 0.8

vendor:アップルmodel:apple mac os xscope:eqversion:10.3.3

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3

Trust: 0.3

sources: CERT/CC: VU#578798 // BID: 10356 // JVNDB: JVNDB-2004-000932 // CNNVD: CNNVD-200407-027 // NVD: CVE-2004-0486

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0486
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#578798
value: 19.89

Trust: 0.8

CARNEGIE MELLON: VU#210606
value: 18.00

Trust: 0.8

NVD: CVE-2004-0486
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200407-027
value: HIGH

Trust: 0.6

VULHUB: VHN-8916
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-0486
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-8916
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#578798 // CERT/CC: VU#210606 // VULHUB: VHN-8916 // JVNDB: JVNDB-2004-000932 // CNNVD: CNNVD-200407-027 // NVD: CVE-2004-0486

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2004-000932 // NVD: CVE-2004-0486

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200407-027

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200407-027

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-8916

PATCH
title:top pageurl:https://www.apple.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2004-000932

EXTERNAL IDS
db:SECUNIAid:11622
Trust: 4.1
db:SECTRACKid:1010167
Trust: 4.1
db:NVDid:CVE-2004-0486
Trust: 3.6
db:CERT/CCid:VU#578798
Trust: 3.3
db:BIDid:10356
Trust: 2.8
db:OSVDBid:6184
Trust: 1.7
db:CERT/CCid:VU#210606
Trust: 1.1
db:JVNDBid:JVNDB-2004-000932
Trust: 0.8
db:FULLDISCid:20040516 VULN. MACOSX/SAFARI: REMOTE HELP-CALL, EXECUTE SCRIPTS
Trust: 0.6
db:APPLEid:APPLE-SA-2004-05-21
Trust: 0.6
db:XFid:16166
Trust: 0.6
db:CNNVDid:CNNVD-200407-027
Trust: 0.6
db:EXPLOIT-DBid:24121
Trust: 0.1
db:SEEBUGid:SSVID-77857
Trust: 0.1
db:VULHUBid:VHN-8916
Trust: 0.1
sources:
            
            
            CERT/CC: VU#578798 // 
            
            
            
            CERT/CC: VU#210606 // 
            
            
            
            VULHUB: VHN-8916 // 
            
            
            
            BID: 10356 // 
            
            
            
            JVNDB: JVNDB-2004-000932 // 
            
            
            
            CNNVD: CNNVD-200407-027 // 
            
            
            
            NVD: CVE-2004-0486

REFERENCES
url:http://secunia.com/advisories/11622/
Trust: 4.1
url:http://www.securityfocus.com/bid/10356
Trust: 2.5
url:http://www.kb.cert.org/vuls/id/578798
Trust: 2.5
url:http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0837.html
Trust: 2.5
url:http://www.fundisom.com/owned/warning
Trust: 2.5
url:http://securitytracker.com/id?1010167
Trust: 2.5
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/16166
Trust: 1.9
url:http://lists.apple.com/mhonarc/security-announce/msg00053.html
Trust: 1.7
url:http://www.osvdb.org/6184
Trust: 1.7
url:http://www.securitytracker.com/alerts/2004/may/1010167.html
Trust: 1.6
url:http://docs.info.apple.com/article.html?artnum=61798
Trust: 0.8
url:http://www.apple.com/support/security/security_updates.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2004-0486
Trust: 0.8
url:http://www.kb.cert.org/vuls/id/210606
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/16166
Trust: 0.6
url:http://www.apple.com/macosx/
Trust: 0.3
sources:
            
            
            CERT/CC: VU#578798 // 
            
            
            
            CERT/CC: VU#210606 // 
            
            
            
            VULHUB: VHN-8916 // 
            
            
            
            BID: 10356 // 
            
            
            
            JVNDB: JVNDB-2004-000932 // 
            
            
            
            CNNVD: CNNVD-200407-027 // 
            
            
            
            NVD: CVE-2004-0486

CREDITS
Troels Bay※ troelsbay@troelsbay.dk
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200407-027

SOURCES
db:CERT/CCid:VU#578798
db:CERT/CCid:VU#210606
db:VULHUBid:VHN-8916
db:BIDid:10356
db:JVNDBid:JVNDB-2004-000932
db:CNNVDid:CNNVD-200407-027
db:NVDid:CVE-2004-0486

LAST UPDATE DATE
2024-08-14T13:51:16.382000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#578798date:2004-05-24T00:00:00
db:CERT/CCid:VU#210606date:2006-05-01T00:00:00
db:VULHUBid:VHN-8916date:2017-07-11T00:00:00
db:BIDid:10356date:2009-07-12T04:07:00
db:JVNDBid:JVNDB-2004-000932date:2024-06-07T08:58:00
db:CNNVDid:CNNVD-200407-027date:2005-10-20T00:00:00
db:NVDid:CVE-2004-0486date:2017-07-11T01:30:12.120

SOURCES RELEASE DATE
db:CERT/CCid:VU#578798date:2004-05-21T00:00:00
db:CERT/CCid:VU#210606date:2004-05-21T00:00:00
db:VULHUBid:VHN-8916date:2004-07-07T00:00:00
db:BIDid:10356date:2004-05-17T00:00:00
db:JVNDBid:JVNDB-2004-000932date:2024-06-07T00:00:00
db:CNNVDid:CNNVD-200407-027date:2004-05-17T00:00:00
db:NVDid:CVE-2004-0486date:2004-07-07T04:00:00