Details of VAR-200412-0022

ID

VAR-200412-0022

CVE

CVE-2004-0873

TITLE

Apple iChat Remote Connection Application Execution Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-103

DESCRIPTION

Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execute arbitrary programs via a "link" that references the program. This issue is due to a design error that allows attacker to execute arbitrary commands through a vulnerable application. An attacker can leverage this issue to execute arbitrary application on an unsuspecting user's computer. The impact of this issue may be increased when an attacker entices a victim to first download an application or has another means of placing an application on the victim's computer, and then exploits this issue to execute it. Apple iChat is a video chat program

Trust: 1.26

sources: NVD: CVE-2004-0873 // BID: 11207 // VULHUB: VHN-9303

AFFECTED PRODUCTS

vendor:	apple	model:	ichat av	scope:	eq	version:	2.1	Trust: 1.9
vendor:	apple	model:	ichat av	scope:	eq	version:	2.0	Trust: 1.9
vendor:	apple	model:	ichat	scope:	eq	version:	1.0.1	Trust: 1.9

sources: BID: 11207 // CNNVD: CNNVD-200412-103 // NVD: CVE-2004-0873

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0873
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200412-103
value:	HIGH
Trust: 0.6
VULHUB:	VHN-9303
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-0873
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9303
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-9303 // CNNVD: CNNVD-200412-103 // NVD: CVE-2004-0873

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0873

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-103

TYPE

Design Error

Trust: 0.9

sources: BID: 11207 // CNNVD: CNNVD-200412-103

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0873	Trust: 2.0
db:	CNNVD	id:	CNNVD-200412-103	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2004-09-16	Trust: 0.6
db:	XF	id:	17420	Trust: 0.6
db:	BID	id:	11207	Trust: 0.4
db:	VULHUB	id:	VHN-9303	Trust: 0.1

sources: VULHUB: VHN-9303 // BID: 11207 // CNNVD: CNNVD-200412-103 // NVD: CVE-2004-0873

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2004/sep/msg00001.html	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/17420	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/17420	Trust: 0.6
url:	http://www.apple.com/ichat/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-9303 // BID: 11207 // CNNVD: CNNVD-200412-103 // NVD: CVE-2004-0873

CREDITS

aaron@vtty.com※>aaron@vtty.com</a>※ aaron@vtty.com

Trust: 0.6

sources: CNNVD: CNNVD-200412-103

SOURCES

db:	VULHUB	id:	VHN-9303
db:	BID	id:	11207
db:	CNNVD	id:	CNNVD-200412-103
db:	NVD	id:	CVE-2004-0873

LAST UPDATE DATE

2024-08-14T15:45:44.309000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-9303	date:	2017-07-11T00:00:00
db:	BID	id:	11207	date:	2009-07-12T07:06:00
db:	CNNVD	id:	CNNVD-200412-103	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-0873	date:	2017-07-11T01:30:32.700

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-9303	date:	2004-12-23T00:00:00
db:	BID	id:	11207	date:	2004-09-17T00:00:00
db:	CNNVD	id:	CNNVD-200412-103	date:	2004-09-17T00:00:00
db:	NVD	id:	CVE-2004-0873	date:	2004-12-23T05:00:00