Lucene search

[email protected]CVE-2008-2830

HistoryJun 23, 2008 - 8:41 p.m.

CVE-2008-2830

2008-06-2320:41:00

CWE-264

[email protected]

web.nvd.nist.gov

apple

mac os x

open scripting architecture

cve-2008-2830

security vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent.

Affected configurations

NVD

Node

applemac_os_xMatch10.4

applemac_os_xMatch10.5

CPENameOperatorVersion
apple:mac_os_xapple mac os xeq10.4
apple:mac_os_xapple mac os xeq10.5

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	eq	10.4
apple:mac_os_x	apple mac os x	eq	10.5

References

it.slashdot.org/it/08/06/18/1919224.shtml

lists.apple.com/archives/security-announce//2008//Sep/msg00006.html

lists.apple.com/archives/security-announce//2008/Jul/msg00003.html

secunia.com/advisories/30776

www.securityfocus.com/bid/29831

www.securitytracker.com/id?1020345

www.vupen.com/english/advisories/2008/1905/references

exchange.xforce.ibmcloud.com/vulnerabilities/43294

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2008-2830

nvd1 cvelist1 prion1 kitploit1 nessus1 openvas2