VARIoT IoT vulnerabilities database
VAR-200506-0133 | CVE-2005-0488 |
Telnet Client Information Disclosure Vulnerability
Related entries in the VARIoT exploits database: VAR-E-200506-0356 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command. The Telnet clients included with many products do not properly restrict which environment variables are sent to the server in response to the NEW-ENVIRON command, so environment variable information can be obtained without authorization. By enticing a target user to connect to a malicious Telnet server through a web page or email, for example with an IFRAME tag and a "TELNET://" URI, a third party may be able to obtain important information about the target system, such as the user's name, search path for executables, and locations of important data. Microsoft Windows 2000 is not affected by this issue, but may be affected if Microsoft Windows Services for UNIX is in use. The Kerberos packages included with some Linux distributions have also been reported to be affected by this issue. Telnet clients provided by multiple vendors are prone to a remote information-disclosure vulnerability.
Attackers can retrieve any information stored in the environment of clients using the affected telnet application.
----------------------------------------------------------------------
TITLE:
Microsoft Telnet Client Information Disclosure Weakness
SECUNIA ADVISORY ID:
SA15690
VERIFY ADVISORY:
http://secunia.com/advisories/15690/
CRITICAL:
Not critical
IMPACT:
Exposure of system information
WHERE:
From remote
OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
SOFTWARE:
Microsoft Windows Services for UNIX 2.x
http://secunia.com/product/5243/
Microsoft Windows Services for UNIX 3.x
http://secunia.com/product/5244/
DESCRIPTION:
Gaël Delalleau has reported a weakness in Microsoft
Windows, which can be exploited by malicious people to gain knowledge
of various information.
Successful exploitation requires that a user e.g. visits a malicious
web site or is tricked into clicking a specially crafted link.
SOLUTION:
Apply patches.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
VAR-200608-0055 | CVE-2006-3505 | Apple Mac OS X AFP server may disclose file and folder information in search results |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated.
These issues affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and disclose potentially sensitive information. Additionally, this update fixes multiple vulnerabilities in some other third-party products.
VAR-200608-0038 | CVE-2006-1472 | Apple Mac OS X AFP server may disclose file and folder information in search results |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results. The Apple Mac OS X ImageIO framework contains an integer overflow that may allow a remote attacker to execute arbitrary code on an affected system.
These issues affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and disclose potentially sensitive information. If the file name itself is sensitive information, it may lead to information disclosure; if the permissions allow, the attacker can also access the file content.
VAR-200608-0041 | CVE-2006-0392 | Apple Mac OS X AFP server may disclose file and folder information in search results |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image.
These issues affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and disclose potentially sensitive information.
VAR-200608-0037 | CVE-2006-3504 | Apple Mac OS X AFP server may disclose file and folder information in search results |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.
These issues affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and disclose potentially sensitive information.
VAR-200608-0039 | CVE-2006-1473 | Apple Mac OS X AFP server may disclose file and folder information in search results |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors.
These issues affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit.
VAR-200608-0033 | CVE-2006-3500 | Apple Mac OS X AFP server may disclose file and folder information in search results |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that leads to use of "dangerous paths," probably related to an untrusted search path vulnerability.
These issues affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and disclose potentially sensitive information.
VAR-200608-0032 | CVE-2006-3499 | Apple Mac OS X AFP server may disclose file and folder information in search results |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications. The Apple Mac OS X ImageIO framework contains an integer overflow that may allow a remote attacker to execute arbitrary code on an affected system.
These issues affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and disclose potentially sensitive information. This output contains sensitive or user-specified content, so privileged applications that parse or reuse standard error may be adversely affected.
VAR-200608-0036 | CVE-2006-3503 | Apple Mac OS X AFP server may disclose file and folder information in search results |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed GIF image.
These issues affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and disclose potentially sensitive information.
VAR-200608-0035 | CVE-2006-3502 | Apple Mac OS X AFP server may disclose file and folder information in search results |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled.
These issues affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and disclose potentially sensitive information.
VAR-200608-0034 | CVE-2006-3501 | Apple Mac OS X AFP server may disclose file and folder information in search results |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image.
These issues affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and disclose potentially sensitive information.
VAR-200608-0030 | CVE-2006-3497 | Apple Mac OS X AFP server may disclose file and folder information in search results |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive.
These issues affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and disclose potentially sensitive information. The latest Mac OS X update fixes multiple vulnerabilities, as follows: Bom's compression state handling could lead to heap corruption.
VAR-200608-0029 | CVE-2006-3496 | Apple Mac OS X AFP server may disclose file and folder information in search results |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause denial of service (crash) via an invalid AFP request that triggers an unchecked error condition. The Apple Mac OS X ImageIO framework contains an integer overflow that may allow a remote attacker to execute arbitrary code on an affected system.
These issues affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and disclose potentially sensitive information.
VAR-200608-0031 | CVE-2006-3498 | Apple Mac OS X AFP server may disclose file and folder information in search results |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request.
These issues affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and disclose potentially sensitive information. There is a stack overflow in the request processing of bootpd.
VAR-200608-0028 | CVE-2006-3495 | Apple Mac OS X AFP server may disclose file and folder information in search results |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users. The Apple Mac OS X ImageIO framework contains an integer overflow that may allow a remote attacker to execute arbitrary code on an affected system.
These issues affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and disclose potentially sensitive information.
VAR-200608-0042 | CVE-2006-0393 | Apple Mac OS X AFP server may disclose file and folder information in search results |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang. The Apple Mac OS X ImageIO framework contains an integer overflow that may allow a remote attacker to execute arbitrary code on an affected system.
These issues affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and disclose potentially sensitive information. Attackers can use this behavior to detect whether a specific account exists, and a large number of attempts can also cause a denial of service.
VAR-200504-0292 | CVE-2005-1228 |
zgrep in gzip vulnerable to arbitrary command execution
Related entries in the VARIoT exploits database: VAR-E-200504-0243 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that it includes vulnerability information other than that named in the title. ------------ GNU zip (gzip) is a utility that compresses and decompresses files. It is packaged with tools such as zgrep, which runs grep on compressed files, and gunzip, which decompresses compressed files. gzip 1.2.4 and earlier have several security issues: 1) zgrep, included with gzip 1.2.4 and earlier, does not properly sanitize arguments (CAN-2005-0758). Details are currently unknown, but a local attacker who exploits this issue may be able to execute arbitrary commands by passing a crafted file name to zgrep. 2) gzip 1.2.4 and earlier have a race condition between writing the decompressed file and changing its permissions when decompressing a compressed file (CAN-2005-0988). A local attacker who exploits this issue could alter the permissions of an arbitrary file by replacing the decompressed file with a hard link to that file at a specific time. 3) gunzip, included with gzip 1.2.4 and earlier, does not properly check the validity of the file name when decompressing a compressed file with the -N flag (CAN-2005-1228). A remote attacker who exploits this issue could carry out a directory traversal attack by sending the target user a compressed file containing a crafted string such as ".." and inducing the user to unpack it with gzip. Please refer to the "Overview" for the impact of this vulnerability. The gzip utility is prone to a directory-traversal vulnerability. The issue occurs when gunzip is invoked on a malicious archive using the '-N' option.
An archive containing an absolute path for a filename that contains '/' characters can cause the file to be written using the absolute path contained in the filename.
A remote attacker may leverage this issue using a malicious archive to corrupt arbitrary files with the privileges of the user that is running the vulnerable software.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: gzip: Multiple vulnerabilities
Date: May 09, 2005
Bugs: #89946, #90626
ID: 200505-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
gzip contains multiple vulnerabilities potentially allowing an attacker
to execute arbitrary commands. The zgrep utility improperly
sanitizes arguments, which may come from an untrusted source
(CAN-2005-0758).
Impact
======
These vulnerabilities could allow arbitrary command execution, changing
the permissions of arbitrary files, and installation of files to an
arbitrary location in the filesystem.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All gzip users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/gzip-1.3.5-r6"
References
==========
[ 1 ] CAN-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0758
[ 2 ] CAN-2005-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0988
[ 3 ] CAN-2005-1228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1228
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200505-05.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
VAR-200505-0572 | CVE-2005-0356 |
TCP does not adequately validate segments before updating timestamp value
Related entries in the VARIoT exploits database: VAR-E-200505-0236 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. Certain TCP implementations may allow a remote attacker to arbitrarily modify host timestamp values, leading to a denial-of-service condition. Implementations of the TCP timestamp option contain a vulnerability that allows the internal timer of a TCP connection to be changed to an arbitrary value. The system's TCP connections may be reset, resulting in service disruption (DoS). The Transmission Control Protocol (TCP) defined in RFC 793 allows reliable host-to-host transmission in a packet-switched network. RFC 1323 introduces a number of technologies that enhance TCP performance, two of which are TCP timestamps and Protection Against Wrapped Sequence Numbers (PAWS).
There are security holes in the PAWS mechanism defined in RFC 1323. If TCP timestamps are enabled, both endpoints of the TCP connection use their internal clocks to mark the TCP header with a timestamp value.
This vulnerability can occur if an attacker sends enough TCP PAWS packets to the vulnerable computer. An attacker can set the packet timestamp to a large value. When the target machine processes this packet, its internal timer is updated to this value, which may cause all valid packets received afterwards to be discarded because they are considered too old or invalid. This technique may cause a denial of service on the target connection.
----------------------------------------------------------------------
TITLE:
Cisco Various Products TCP Timestamp Denial of Service
SECUNIA ADVISORY ID:
SA15393
VERIFY ADVISORY:
http://secunia.com/advisories/15393/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
From remote
OPERATING SYSTEM:
Cisco SN5400 Series Storage Routers
http://secunia.com/product/2188/
Cisco MGX 8900 Series Multiservice Switches
http://secunia.com/product/5117/
Cisco MGX 8800 Series Multiservice Switches
http://secunia.com/product/5116/
Cisco MGX 8200 Series Edge Concentrators
http://secunia.com/product/5115/
Cisco Content Services Switch 11000 Series (WebNS)
http://secunia.com/product/1507/
Cisco Aironet 350 Series Access Point
http://secunia.com/product/5114/
Cisco Aironet 1200 Series Access Point
http://secunia.com/product/1929/
DESCRIPTION:
A vulnerability has been reported in some Cisco products, which can
be exploited by malicious people to cause a DoS (Denial of Service)
on active TCP sessions.
Successful exploitation requires knowledge of IP address information
of the source and destination of the TCP network connection.
The vulnerability affects the following products:
* SN5400 series storage routers
* CSS11000 series content services switches
* AP350 and AP1200 series Access Points running VxWorks
* MGX8200, MGX8800, and MGX8900 series WAN switches (only management
interfaces)
SOLUTION:
SN5400 series storage routers:
The vulnerability has been addressed by CSCin85370.
CSS11000 series content services switches:
The vulnerability has been addressed by CSCeh40395.
AP350 and AP1200 series Access Points:
The vendor recommends upgrading APs running VxWorks to Cisco IOS.
MGX series WAN switches:
The vulnerability has been documented by CSCeh85125 and CSCeh85130.
PROVIDED AND/OR DISCOVERED BY:
US-CERT credits Noritoshi Demizu.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml
OTHER REFERENCES:
US-CERT VU#637934:
http://www.kb.cert.org/vuls/id/637934
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
----------------------------------------------------------------------
. Cisco has acknowledged
that various Cisco products are affected.
The published Internet-Draft details three types of attacks, which
utilize the following ICMP messages to cause a negative impact on TCP
connections either terminating or originating from a vulnerable
device.
1) ICMP "hard" error messages
2) ICMP "fragmentation needed and Don't Fragment (DF) bit set"
messages (known as PMTUD attacks)
3) ICMP "source quench" messages
These attacks can all be exploited to cause TCP connection resets,
reduce the throughput in existing TCP connections, or consume large
amounts of CPU and memory resources.
NOTE: See the original advisory for a list of affected versions.
SOLUTION:
See patch matrix in vendor advisory for information about fixes.
VAR-200504-0247 | No CVE | F5 BIG-IP User Interface Login Credential Caching Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
A vulnerability is present in the F5 BIG-IP user interface.
This issue exists because the Configuration utility does not check the credentials for additional sessions from a user once they are logged in.
Versions 9.0.2 through to 9.0.4 of BIG-IP are reported vulnerable to this issue.
VAR-200505-1089 | CVE-2005-0976 | Apple WebCore Framework XMLHttpRequests Remote Code Execution Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs. Web browsers based on AppleWebKit may allow remote web sites to reference content on the local filesystem. This may allow an attacker to execute script within the security context of the local machine. A remote code execution vulnerability affects Apple's WebCore Framework. This issue is due to a failure of the affected framework library to securely handle remote scripts.
An attacker may leverage this issue to execute arbitrary code with the privileges of a user that activated the malicious remote script, facilitating unauthorized access and privilege escalation.