7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.028 Low
EPSS
Percentile
90.5%
A vulnerability has been reported in the default URI protocol handler in Apple’s Mac OS X help system. Exploitation of this vulnerability may permit a remote attacker to execute arbitrary scripts on the local system.
A vulnerability has been reported in Apple’s Mac OS X runscript function of the Help.app
application. Using the “help://” URI handler, a remote attacker may be able to create an HTML file that will execute local scripts on the target user’s system. If exploited conjunction with VU#210606, a remote attacker may be able to execute arbitrary code of the attacker’s choosing. Browsers or other applications supporting this help system URI handler enabled by default on Mac OS X have been reported to be vulnerable.
A remote attacker may be able to run arbitrary files with interpretable script on a vulnerable system.
Download updated software per Apple’s Security Update notice:
http://www.apple.com/support/downloads/securityupdate__2004-05-24_(10_3_3).html
The download file is named: “SecUpd2004-05-24Pan.dmg”
Its SHA-1 digest is: 8e505ac4e36393f44e9d1b27ac0bd9a9e9f5b6a2
http://www.apple.com/support/downloads/securityupdate_2004-05-24_(10_2_8).html
The download file is named: “SecUpd2004-05-24Jag.dmg”
Its SHA-1 digest is: 8c084551505fb4e7131afbf8bce14475bdc5f946
According to a posting on Secunia, users may be able to mitigate the potential impact of this reported vulnerability by changing the protocol helpers (applications) for URI handlers which are not required, (e.g., disable “help://” execution).
578798
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: May 21, 2004 Updated: May 24, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see APPLE-SA-2004-05-21 Security Update 2004-05-24:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2004-05-21 Security Update 2004-05-24
Security Update 2004-05-24 is now available and contains security
enhancements for the following:
HelpViewer: Fixes CAN-2004-0486 to ensure that HelpViewer will only
process scripts that it initiated. Credit to lixlpixel
<[email protected]> for reporting this issue. This issue has been
widely reported as a problem with the Safari web browser, but can
affect other web browsers. This update will fix the issue for Safari
and other web browsers.
Terminal: Fixes CAN-2004-0485 to improve URL processing within
Terminal. Credit to Reni Puls <[email protected]> for reporting this
issue.
================================================
Security Update 2004-05-24 may be obtained from:
Software Update pane in System Preferences
Apple’s Software Downloads web site:
_<http://www.apple.com/support/downloads/securityupdate__2004-05-24_>_(
10_3_3).html
The download file is named: “SecUpd2004-05-24Pan.dmg”
Its SHA-1 digest is: 8e505ac4e36393f44e9d1b27ac0bd9a9e9f5b6a2
_<http://www.apple.com/support/downloads/securityupdate_2004-05-24_>_(
10_2_8).html
The download file is named: “SecUpd2004-05-24Jag.dmg”
Its SHA-1 digest is: 8c084551505fb4e7131afbf8bce14475bdc5f946
Information will also be posted to the Apple Product Security web
site:
_<http://www.apple.com/support/security/security_updates.html>_
This message is signed with Apple’s Product Security PGP key, and
details are available at:
_<http://www.apple.com/support/security/security_pgp.html>_
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
iQEVAwUBQK6iU5yw5owIz4TQAQILmQgAk3/3Ia/WtAVYx3DjK46A/EdaHFiWFBkm
wZAoj0YNCMbjrKJviqthqNRBQsro08WKDA9/xBJ94drHNfTye9WwRuFYa5zg7SnV
JIVxcHHxv4qVn5zWy147fCCA+Xdoe45pWOBr2tQ4FM0HtI3mY2C2qlhNznUePRI3
E8FhgLV9QPaXwaBp/Lcn2/CbFbAY5jjpPRd+fEq2jcphkDW4+zgLn0O8SjSEyc7w
+XgYC8Ku/o+GAPNYjZ8oKMLzGeWlCxHpiMjQH9Lauq7U3/u1rqL6LG7bsqei3eEC
x7CIALNsXoGTV58dPq+yYr51IjnLnj1deGX3ZMikjK/k85639ADEYA==
=2I2M
-----END PGP SIGNATURE-----
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23578798 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Kang for reporting this vulnerability.
This document was written by Jason A Rafail and is based on information from Secunia.com and SecurityTracker.com.
CVE IDs: | CVE-2004-0486 |
---|---|
Severity Metric: | 19.89 Date Public: |