PRIOn knowledge basePRION:CVE-2007-0023Cross site request forgery (csrf)
6.2 Medium
AI Score
Confidence
Low
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
0.4%
The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user’s home directory, which is executed when Cocoa applications attempt to notify the user.
References
docs.info.apple.com/article.html?artnum=305102
lists.apple.com/archives/Security-announce/2007/Feb/msg00000.html
projects.info-pull.com/moab/MOAB-22-01-2007.html
secunia.com/advisories/23846
secunia.com/advisories/24198
securitytracker.com/id?1017542
www.kb.cert.org/vuls/id/315856
www.osvdb.org/32695
www.securityfocus.com/bid/22188
www.us-cert.gov/cas/techalerts/TA07-047A.html
www.vupen.com/english/advisories/2007/0074
exchange.xforce.ibmcloud.com/vulnerabilities/31676
Related
6.2 Medium
AI Score
Confidence
Low
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
0.4%