Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0486 — Path Traversal in Apple MAC OS X

3 documents3 sources

Severity

7.6HIGHNVD

EPSS

13.9%

top 5.68%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedJul 7

Latest updateApr 29

Description

HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages2 packages

▶NVDapple/mac_os_x4 versions+3

▶NVDapple/mac_os_x_server4 versions+3

Patches

Patch: secunia.com ↗Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-r8x3-9gqm-vxgf: HelpViewer in Mac OS X 10↗2022-04-29

▶

💥Exploits & PoCs

Exploit-DB

Apple Mac OSX 10.3.x - Help Protocol Remote Code Execution↗2004-05-17

▶