CVE-2008-1032: Apple Safari vulnerability

6 documents, 3 sources
Severity
9.3 CRITICAL (NVD)
NVD 6.8, CNA 6.8
EPSS
3.8%
top 11.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 2
Latest update: May 1

Description

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages: 3 packages

NVD: apple/safari < 3.1.2
NVD: apple/mac_os_x, 4 versions +3
NVD: apple/mac_os_x_server, 4 versions +3

Patches

Vulnerability Details: 4

GHSA
GHSA-6mfp-r743-cc3p: Apple Safari on Mac OS X, and before 3 (2022-05-01)
GHSA
GHSA-m7wx-wjm6-293j: Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10 (2022-05-01)
CVEList
CVE-2008-2540: Apple Safari on Mac OS X, and before 3 (2008-06-03)
CVEList
CVE-2008-1032: Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10 (2008-06-02)
CVE-2008-1032 — Apple Safari vulnerability | cvebase