CVE-2005-1331 — Apple Applescript vulnerability

2 documents2 sources

Severity

5.1MEDIUMNVD

EPSS

1.1%

top 21.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Applescript Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedMay 4

Latest updateMay 1

Description

The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages3 packages

▶NVDapple/applescript2.0.0

▶NVDapple/mac_os_x10 versions+9

▶NVDapple/mac_os_x_server10 versions+9

Patches

Patch: lists.apple.com ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-6qxm-23hq-hvpc: The AppleScript Editor in Mac OS X 10↗2022-05-01

▶