CVE-2008-2311Link Following in Apple MAC OS X

CWE-59Link FollowingCWE-362Race Condition3 documents3 sources
Severity
7.6HIGHNVD
EPSS
2.9%
top 13.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XApple MAC OS X Server
Timeline
PublishedJul 1
Latest updateMay 1

Description

Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages2 packages

NVDapple/mac_os_x15 versions+14
NVDapple/mac_os_x_server15 versions+14

Patches

Patch: support.apple.comPatch: support.apple.com

🔴Vulnerability Details

2
GHSA
GHSA-99vh-gvcg-x7q6: Launch Services in Apple Mac OS X before 102022-05-01
CVEList
CVE-2008-2311: Launch Services in Apple Mac OS X before 102008-07-01
CVE-2008-2311 — Link Following in Apple MAC OS X | cvebase