VAR-200407-0073
Vulnerability from variot - Updated: 2024-06-09 22:57The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 10.2.8 allows remote attackers to write arbitrary files by causing a disk image file (.dmg) to be mounted as a disk volume. Remote attackers may potentially use this vulnerability to create files on the local system without explicit user consent. We have not independently verified the scope of this vulnerability report. apple's Apple Mac OS X Exists in unspecified vulnerabilities.None. Details on the nature of this vulnerability are not known at this time. There are a range of possibilities: from a vulnerability that allows for URLs to be obfuscated to full remote command execution through malicious URLs. This alert will be updated as new information becomes available
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200407-0073",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.2.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": "apple mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "apple mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "10.3.3"
},
{
"model": "apple mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "10.2.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#578798"
},
{
"db": "BID",
"id": "10400"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000930"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-032"
},
{
"db": "NVD",
"id": "CVE-2004-0485"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0485"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reni Puls\u203b rpuls@gmx.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200407-032"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0485",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2004-0485",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-8915",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-0485",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#578798",
"trust": 0.8,
"value": "19.89"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#210606",
"trust": 0.8,
"value": "18.00"
},
{
"author": "CNNVD",
"id": "CNNVD-200407-032",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-8915",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#578798"
},
{
"db": "CERT/CC",
"id": "VU#210606"
},
{
"db": "VULHUB",
"id": "VHN-8915"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000930"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-032"
},
{
"db": "NVD",
"id": "CVE-2004-0485"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 10.2.8 allows remote attackers to write arbitrary files by causing a disk image file (.dmg) to be mounted as a disk volume. Remote attackers may potentially use this vulnerability to create files on the local system without explicit user consent. We have not independently verified the scope of this vulnerability report. apple\u0027s Apple Mac OS X Exists in unspecified vulnerabilities.None. Details on the nature of this vulnerability are not known at this time. There are a range of possibilities: from a vulnerability that allows for URLs to be obfuscated to full remote command execution through malicious URLs. \nThis alert will be updated as new information becomes available",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0485"
},
{
"db": "CERT/CC",
"id": "VU#578798"
},
{
"db": "CERT/CC",
"id": "VU#210606"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000930"
},
{
"db": "BID",
"id": "10400"
},
{
"db": "VULHUB",
"id": "VHN-8915"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "11622",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2004-0485",
"trust": 3.6
},
{
"db": "CERT/CC",
"id": "VU#210606",
"trust": 3.3
},
{
"db": "SECTRACK",
"id": "1010167",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#578798",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000930",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200407-032",
"trust": 0.7
},
{
"db": "XF",
"id": "16166",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2004-05-28",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2004-05-21",
"trust": 0.6
},
{
"db": "BID",
"id": "10400",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-8915",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#578798"
},
{
"db": "CERT/CC",
"id": "VU#210606"
},
{
"db": "VULHUB",
"id": "VHN-8915"
},
{
"db": "BID",
"id": "10400"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000930"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-032"
},
{
"db": "NVD",
"id": "CVE-2004-0485"
}
]
},
"id": "VAR-200407-0073",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-8915"
}
],
"trust": 0.01
},
"last_update_date": "2024-06-09T22:57:27.710000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "top page",
"trust": 0.8,
"url": "https://www.apple.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000930"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000930"
},
{
"db": "NVD",
"id": "CVE-2004-0485"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.1,
"url": "http://secunia.com/advisories/11622/"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/210606"
},
{
"trust": 2.5,
"url": "http://fundisom.com/owned/warning"
},
{
"trust": 1.9,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16166"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/mhonarc/security-announce/msg00053.html"
},
{
"trust": 1.7,
"url": "http://lists.seifried.org/pipermail/security/2004-may/003743.html"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/alerts/2004/may/1010167.html"
},
{
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"trust": 0.8,
"url": "http://www.apple.com/support/security/security_updates.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0485"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/16166"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#578798"
},
{
"db": "CERT/CC",
"id": "VU#210606"
},
{
"db": "VULHUB",
"id": "VHN-8915"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000930"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-032"
},
{
"db": "NVD",
"id": "CVE-2004-0485"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#578798"
},
{
"db": "CERT/CC",
"id": "VU#210606"
},
{
"db": "VULHUB",
"id": "VHN-8915"
},
{
"db": "BID",
"id": "10400"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000930"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-032"
},
{
"db": "NVD",
"id": "CVE-2004-0485"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-05-21T00:00:00",
"db": "CERT/CC",
"id": "VU#578798"
},
{
"date": "2004-05-21T00:00:00",
"db": "CERT/CC",
"id": "VU#210606"
},
{
"date": "2004-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-8915"
},
{
"date": "2004-05-22T00:00:00",
"db": "BID",
"id": "10400"
},
{
"date": "2024-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000930"
},
{
"date": "2004-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200407-032"
},
{
"date": "2004-07-07T04:00:00",
"db": "NVD",
"id": "CVE-2004-0485"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-05-24T00:00:00",
"db": "CERT/CC",
"id": "VU#578798"
},
{
"date": "2006-05-01T00:00:00",
"db": "CERT/CC",
"id": "VU#210606"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-8915"
},
{
"date": "2009-07-12T05:16:00",
"db": "BID",
"id": "10400"
},
{
"date": "2024-06-07T08:58:00",
"db": "JVNDB",
"id": "JVNDB-2004-000930"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200407-032"
},
{
"date": "2017-07-11T01:30:11.823000",
"db": "NVD",
"id": "CVE-2004-0485"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200407-032"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X help system may interpret inappropriate local script files",
"sources": [
{
"db": "CERT/CC",
"id": "VU#578798"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "10400"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-032"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…