VDB
CVE-2004-0486
CVE-2004-0486
PUBLISHED
CVSS 7.599999904632568 HIGH
HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.
EPSS 13.88% · 94.4th percentile
Risk Scores
CVSS 2.0
7.599999904632568
EPSS Score
13.88%
94.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| apple | mac_os_x | 10.3.3, 10.3, 10.3.1 |
| apple | mac_os_x_server | 10.3.3, 10.3, 10.3.1 |
| n/a | n/a | * |
Timeline
- May 28, 2004 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- VU#578798 third-party-advisory
- 11622 third-party-advisory
- APPLE-SA-2004-05-21 vendor-advisory
- 10356 vdb
- 6184 vdb
- 20040516 Vuln. MacOSX/Safari: Remote help-call, execute scripts mailing-list
- http://www.fundisom.com/owned/warning url
- macos-runscript-code-execution(16166) vdb
- 1010167 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2004-0486 advisory
- http://secunia.com/advisories/11622 url