| Vulnerability Name: | CCN-16227 | ||||||
| Published: | 2004-05-22 | ||||||
| Updated: | 2004-05-22 | ||||||
| Summary: | Apple Mac OS X could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability with the disk:// URL handler. A remote attacker could create a specially-crafted Web page that downloads a malicious file to a known location, which would cause malicious script to be executed on the victim's system, once the page is viewed. An attacker could exploit this vulnerability by hosting the malicious Web page on a Web site or by sending it to a victim as an HTML email. | ||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||
| CVSS v2 Severity: | 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||
| Vulnerability Consequences: | Gain Access | ||||||
| References: | Source: CCN Type: BID-10401 Apple MacOS X URI Handler Remote Code Execution Variant Vulnerabilities Source: XF Type: UNKNOWN macos-disk-code-execution(16227) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||