CVE-2008-4234Apple MAC OS X vulnerability

CWE-2643 documents3 sources
Severity
9.3CRITICALNVD
EPSS
5.0%
top 10.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XApple MAC OS X Server
Timeline
PublishedDec 17
Latest updateMay 2

Description

Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDapple/mac_os_x10.5.5+5
NVDapple/mac_os_x_server10.5.5+5

🔴Vulnerability Details

2
GHSA
GHSA-5q4g-m8fp-qww7: Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 102022-05-02
CVEList
CVE-2008-4234: Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 102008-12-17
CVE-2008-4234 — Apple MAC OS X vulnerability | cvebase