SAINT Corporation
SAINT:6D0303C56098956018FAC37F887992D7
Nov 02, 2015 - 12:00 a.m.

Safari Script Editor AppleScript execution

download.saintcorporation.com

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.973 High
Percentile: 99.8%

Added: 11/02/2015
CVE: CVE-2015-7007
BID: 77266

Background

Safari is a web browser for Mac OS X and Windows.

Problem

A vulnerability in the OS X Script Editor allows a malicious web page to execute arbitrary AppleScript code without user confirmation by enticing a user to type Control-R in Safari.

Resolution

Upgrade to OS X 10.11.1 or apply Security Update 2015-007.

References

<https://support.apple.com/en-us/HT205375>

Limitations

A user must load the exploit page in Safari and type Control-R in order for the exploit to succeed.

Platforms

Mac OS X
