7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
0.4%
Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent.
CPE | Name | Operator | Version |
---|---|---|---|
apple:mac_os_x | apple mac os x | eq | 10.4 |
apple:mac_os_x | apple mac os x | eq | 10.5 |
it.slashdot.org/it/08/06/18/1919224.shtml
lists.apple.com/archives/security-announce//2008//Sep/msg00006.html
lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
secunia.com/advisories/30776
www.securityfocus.com/bid/29831
www.securitytracker.com/id?1020345
www.vupen.com/english/advisories/2008/1905/references
exchange.xforce.ibmcloud.com/vulnerabilities/43294