Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:420316
HistoryAug 17, 2005 - 12:00 a.m.

Apple Mac OS X Safari vulnerable to arbitrary command execution via URLs in PDF files

2005-08-1700:00:00
www.kb.cert.org
23

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.018

Percentile

88.4%

JSON

Overview

Apple Mac OS X WebKit and Safari security controls may be bypassed, possibly allowing remote command execution.

Description

Mac OS X includes the Safari web browser, which can display Portable Document Format (PDF) files directly. This functionality is part of the WebKit system framework. The PDF rendering code in Safari is able to call the URLs directly rather than through the Safari browser. This may allow some security controls defined in Safari to be bypassed, leading to possible arbitrary command execution.

Impact

A remote, unauthenticated attacker may be able to persuade a user to click on a PDF file link within Safari, leading to remote command execution.

Solution

Apply an update

Please see Apple Security Update 2005-007 for details on workarounds, fixes, and updates.

Vendor Information

420316

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Apple Computer, Inc. __ Affected

Updated: August 17, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Apple Security Update 2005-007 for details on workarounds, fixes, and updates.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23420316 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Apple Product Security for reporting this vulnerability.

This document was written by Ken MacInnis.

Other Information

CVE IDs: CVE-2005-2522
Severity Metric: 10.41 Date Public:

Related

nvd 1
cve 1
cvelist 1
securityvulns 1
nessus 1
nvd
nvd
CVE-2005-2522
2005-08-19 04:00:00
cve
cve
CVE-2005-2522
2005-08-19 04:00:00
cvelist
cvelist
CVE-2005-2522
2005-08-19 04:00:00
securityvulns
securityvulns
US-CERT Technical Cyber Security Alert TA05-229A -- Apple Mac Products are Affected by Multiple Vulnerabilities
2005-08-18 00:00:00
nessus
nessus
Mac OS X Multiple Vulnerabilities (Security Update 2005-007)
2005-08-18 00:00:00

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.018

Percentile

88.4%

JSON
Related for VU:420316
nvd1cve1cvelist1securityvulns1nessus1