Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.
No CVSS v3.1
No CVSS v3.0
Access Vector Adjacent Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
AV:A/AC:M/Au:N/C:P/I:P/A:P
Vendors | Products |
---|---|
Apple |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-11-10T19:00:00
Updated: 2009-11-17T10:00:00
Reserved: 2009-08-17T00:00:00
Link: CVE-2009-2808
JSON object: View
NVD Information
Status : Modified
Published: 2009-11-10T19:30:01.000
Modified: 2009-11-17T07:02:57.563
Link: CVE-2009-2808
JSON object: View
Redhat Information
No data.
CWE