CVE-2004-0486
CVE-2004-0486
HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/24121unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0837.htmlhttp://lists.apple.com/mhonarc/security-announce/msg00053.htmlhttp://secunia.com/advisories/11622/http://securitytracker.com/id?1010167https://exchange.xforce.ibmcloud.com/vulnerabilities/16166http://www.fundisom.com/owned/warninghttp://www.kb.cert.org/vuls/id/578798http://www.osvdb.org/6184http://www.securityfocus.com/bid/10356