cvelistv5 - CVE-2008-0060

CVE-2008-0060 (GCVE-0-2008-0060)

Vulnerability from cvelistv5

Published

2008-03-18 23:00

Modified

2024-08-07 07:32

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

var-200803-0026

Vulnerability from variot

Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link. An attacker can exploit this issue by enticing an unsuspecting user to visit a malicious 'help:topic_list' URI. This may allow arbitrary Applescript code to run in the context of the user running the application. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. These issues affect Apple Mac OS X 10.4.11, 10.4.11 Server, 10.5.2, 10.5.2 Server and earlier. NOTE: This BID is being retired. The following individual records have been created to fully document all the vulnerabilities that were described in this BID: 28320 Apple Mac OS X AFP Client 'afp://' URI Remote Code Execution Vulnerability CVE-2008-0044. 28323 Apple Mac OS X AFP Server Cross-Realm Authentication Bypass Vulnerability CVE-2008-0994 28388 Apple Mac OS X AppKit NSDocument API's Stack Based Buffer Overflow Vulnerability CVE-2008-0048 28340 Apple Mac OS X AppKit Bootstrap Namespace Local Privilege Escalation Vulnerability CVE-2008-0049 28358 Apple Mac OS X AppKit Legacy Serialization Kit Multiple Integer Overflow Vulnerabilities CVE-2008-0057 28364 Apple Mac OS X AppKit PPD File Stack Buffer Overflow Vulnerability CVE-2008-0997 28368 Apple Mac OS X Application Firewall German Translation Insecure Configuration Weakness CVE-2008-0046 28375 Apple Mac OS X CoreFoundation Time Zone Data Local Privilege Escalation Vulnerability CVE-2008-0051 28384 Apple Mac OS X CoreServices '.ief' Files Security Policy Violation Weakness CVE-2008-0052 28334 CUPS Multiple Unspecified Input Validation Vulnerabilities 28341 Apple Mac OS X Foundation 'NSSelectorFromString' Input Validation Vulnerability 28343 Apple Mac OS X Foundation NSFileManager Insecure Directory Local Privilege Escalation Vulnerability 28357 Apple Mac OS X Foundation 'NSFileManager' Stack-Based Buffer Overflow Vulnerability 28359 Apple Mac OS X Foundation 'NSURLConnection' Cache Management Race Condition Security Vulnerability 28363 Apple Mac OS X Image RAW Stack-Based Buffer Overflow Vulnerability 28367 Apple Mac OS X Foundation 'NSXML' XML File Processing Race Condition Security Vulnerability 28371 Apple Mac OS X Help Viewer Remote Applescript Code Execution Vulnerability 28374 Apple Mac OS X libc 'strnstr(3)' Off-By-One Denial of Service Vulnerability 28387 Apple Mac OS X Printing To PDF Insecure Encryption Weakness 28386 Apple Mac OS X Preview PDF Insecure Encryption Weakness 28389 Apple Mac OS X Universal Disc Format Remote Denial of Service Vulnerability 28385 Apple Mac OS X NetCfgTool Local Privilege Escalation Vulnerability 28365 Apple Mac OS X pax Archive Utility Remote Code Execution Vulnerability 28344 Apple Mac OS X Authenticated Print Queue Information Disclosure Vulnerability 28345 Apple Mac OS X 'notifyd' Local Denial of Service Vulnerability 28372 Apple Mac OS X Podcast Producer Podcast Capture Information Disclosure Vulnerability 28339 Apple Mac OS X mDNSResponderHelper Local Format String Vulnerability. ----------------------------------------------------------------------

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

1) Multiple boundary errors in AFP client when processing "afp://" URLs can be exploited to cause stack-based buffer overflows when a user connects to a malicious AFP server.

2) An error exists in AFP Server when checking Kerberos principal realm names. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used.

3) Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

For more information: SA18008 SA21197 SA26636 SA27906 SA28046

4) A boundary error within the handling of file names in the NSDocument API in AppKit can be exploited to cause a stack-based buffer overflow.

6) Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed.

7) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server.

8) Multiple vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

For more information: SA23347 SA24187 SA24891 SA26038 SA26530 SA28117 SA28907

9) An integer overflow error exists in CoreFoundation when handling time zone data.

10) The problem is that files with names ending in ".ief" can be automatically opened in AppleWorks if "Open 'Safe' files" is enabled in Safari.

For more information: SA29431

12) Multiple input validation errors exist in CUPS, which can be exploited to execute arbitrary code with system privileges.

13) A boundary error in curl can be exploited to compromise a user's system.

For more information: SA17907

14) A vulnerability in emacs can be exploited by malicious people to compromise a user's system.

For more information: SA27508

15) A vulnerability in "file" can be exploited by malicious people to compromise a vulnerable system.

For more information: SA24548

16) An input validation error exists in the NSSelectorFromString API, which can potentially be exploited to execute arbitrary code via a malformed selector name.

17) A race condition error in NSFileManager can potentially be exploited to gain escalated privileges.

18) A boundary error in NSFileManager can potentially be exploited to cause a stack-based buffer overflow via an overly long pathname with a specially crafted structure.

19) A race condition error exists in the cache management of NSURLConnection. This can be exploited to cause a DoS or execute arbitrary code in applications using the library (e.g. Safari).

20) A race condition error exists in NSXML.

22) A boundary error exists in Image Raw within the handling of Adobe Digital Negative (DNG) image files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a maliciously crafted image file.

23) Multiple vulnerabilities in Kerberos can be exploited to cause a DoS or to compromise a vulnerable system.

For more information: SA29428

24) An off-by-one error the "strnstr()" in libc can be exploited to cause a DoS.

25) A format string error exists in mDNSResponderHelper, which can be exploited by a malicious, local user to cause a DoS or execute arbitrary code with privileges of mDNSResponderHelper by setting the local hostname to a specially crafted string.

26) An error in notifyd can be exploited by a malicious, local user to deny access to notifications by sending fake Mach port death notifications to notifyd.

27) An array indexing error in the pax command line tool can be exploited to execute arbitrary code.

28) Multiple vulnerabilities in php can be exploited to bypass certain security restrictions.

For more information: SA27648 SA28318

29) A security issue is caused due to the Podcast Capture application providing passwords to a subtask through the arguments.

30) Printing and Preview handle PDF files with weak encryption.

31) An error in Printing in the handling of authenticated print queues can lead to credentials being saved to disk.

33) A null-pointer dereference error exists in the handling of Universal Disc Format (UDF) file systems, which can be exploited to cause a system shutdown by enticing a user to open a maliciously crafted disk image.

35) Some vulnerabilities in X11 can be exploited by malicious, local users to gain escalated privileges.

For more information: SA27040 SA28532

36) Some vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service).

For more information: SA22900 SA25292 SA27093 SA27130

SOLUTION: Apply Security Update 2008-002.

Security Update 2008-002 v1.0 (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html

Security Update 2008-002 v1.0 (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10universal.html

Security Update 2008-002 v1.0 (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html

Security Update 2008-002 v1.0 Server (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html

Security Update 2008-002 v1.0 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html

Security Update 2008-002 v1.0 Server (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html

PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm 11) regenrecht via iDefense 19) Daniel Jalkut, Red Sweater Software 22) Brian Mastenbrook 24) Mike Ash, Rogue Amoeba Software 29) Maximilian Reiss, Chair for Applied Software Engineering, TUM 33) Paul Wagland of Redwood Software, and Wayne Linder of Iomega

34) Rodrigo Carvalho CORE Security Technologies

ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307562

CORE-2008-0123: http://www.coresecurity.com/?action=item&id=2189

OTHER REFERENCES: SA17907: http://secunia.com/advisories/17907/

SA18008: http://secunia.com/advisories/18008/

SA21187: http://secunia.com/advisories/21197/

SA22900: http://secunia.com/advisories/22900/

SA23347: http://secunia.com/advisories/23347/

SA24187: http://secunia.com/advisories/24187/

SA24548: http://secunia.com/advisories/24548/

SA24891: http://secunia.com/advisories/24891/

SA25292: http://secunia.com/advisories/25292/

SA26038: http://secunia.com/advisories/26038/

SA26530: http://secunia.com/advisories/26530/

SA26636: http://secunia.com/advisories/26636/

SA27040: http://secunia.com/advisories/27040/

SA27093: http://secunia.com/advisories/27093/

SA27130: http://secunia.com/advisories/27130/

SA27648: http://secunia.com/advisories/27648/

SA27508: http://secunia.com/advisories/27508/

SA27906: http://secunia.com/advisories/27906/

SA28046: http://secunia.com/advisories/28046/

SA28117: http://secunia.com/advisories/28117/

SAS28318: http://secunia.com/advisories/28318/

SA28532: http://secunia.com/advisories/28532/

SA28907: http://secunia.com/advisories/28907/

SA29428: http://secunia.com/advisories/29428/

SA29431: http://secunia.com/advisories/29431/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200803-0026",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.11"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.11"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.11"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.11"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.1.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.0.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.1.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "directory pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cosmicperl",
        "version": "10.0.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.03"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.1.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.1.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.1.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.0.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.1.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.0.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.1.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.1.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.1.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "28371"
      },
      {
        "db": "BID",
        "id": "28304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001212"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-283"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0060"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001212"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ragnar SundbladregenrechtDaniel JalkutBrian MastenbrookClint RuohoMike Ash",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-283"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-0060",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2008-0060",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-30185",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-0060",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-0060",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200803-283",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-30185",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001212"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-283"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0060"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link. \nAn attacker can exploit this issue by enticing an unsuspecting user to visit a malicious \u0027help:topic_list\u0027 URI.  This may allow arbitrary Applescript code to run in the context of the user running the application. Apple Mac OS X is prone to multiple security vulnerabilities. \nThese issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. \nAttackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. \nThese issues affect Apple Mac OS X 10.4.11, 10.4.11 Server, 10.5.2, 10.5.2 Server and earlier. \nNOTE: This BID is being retired. The following individual records have been created to fully document all the vulnerabilities that were described in this BID:\n28320 Apple Mac OS X AFP Client \u0027afp://\u0027 URI Remote Code  Execution Vulnerability CVE-2008-0044. \n28323 Apple Mac OS X AFP Server Cross-Realm Authentication Bypass Vulnerability CVE-2008-0994\n28388 Apple Mac OS X AppKit NSDocument API\u0027s Stack Based Buffer Overflow Vulnerability CVE-2008-0048\n28340 Apple Mac OS X AppKit Bootstrap Namespace Local Privilege Escalation Vulnerability CVE-2008-0049\n28358 Apple Mac OS X AppKit Legacy Serialization Kit Multiple Integer Overflow Vulnerabilities CVE-2008-0057\n28364 Apple Mac OS X AppKit PPD File Stack Buffer Overflow Vulnerability CVE-2008-0997\n28368 Apple Mac OS X Application Firewall German Translation Insecure Configuration Weakness CVE-2008-0046\n28375 Apple Mac OS X CoreFoundation Time Zone Data Local Privilege Escalation Vulnerability CVE-2008-0051\n28384 Apple Mac OS X CoreServices \u0027.ief\u0027 Files Security Policy Violation Weakness CVE-2008-0052\n28334 CUPS Multiple Unspecified Input Validation Vulnerabilities\n28341 Apple Mac OS X Foundation \u0027NSSelectorFromString\u0027 Input Validation Vulnerability\n28343 Apple Mac OS X Foundation NSFileManager Insecure Directory Local Privilege Escalation Vulnerability\n28357 Apple Mac OS X Foundation \u0027NSFileManager\u0027 Stack-Based Buffer Overflow Vulnerability\n28359 Apple Mac OS X Foundation \u0027NSURLConnection\u0027 Cache Management Race Condition Security Vulnerability\n28363 Apple Mac OS X Image RAW Stack-Based Buffer Overflow Vulnerability\n28367 Apple Mac OS X Foundation \u0027NSXML\u0027 XML File Processing Race Condition Security Vulnerability\n28371 Apple Mac OS X Help Viewer Remote Applescript Code Execution Vulnerability\n28374 Apple Mac OS X libc \u0027strnstr(3)\u0027 Off-By-One Denial of Service Vulnerability\n28387 Apple Mac OS X Printing To PDF Insecure Encryption Weakness\n28386 Apple Mac OS X Preview PDF Insecure Encryption Weakness\n28389 Apple Mac OS X Universal Disc Format Remote Denial of Service Vulnerability\n28385 Apple Mac OS X NetCfgTool Local Privilege Escalation Vulnerability\n28365 Apple Mac OS X pax Archive Utility Remote Code Execution Vulnerability\n28344 Apple Mac OS X Authenticated Print Queue Information Disclosure Vulnerability\n28345 Apple Mac OS X \u0027notifyd\u0027 Local Denial of Service Vulnerability\n28372 Apple Mac OS X Podcast Producer Podcast Capture Information Disclosure Vulnerability\n28339 Apple Mac OS X mDNSResponderHelper Local Format String Vulnerability. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\n1) Multiple boundary errors in AFP client when processing \"afp://\"\nURLs can be exploited to cause stack-based buffer overflows when a\nuser connects to a malicious AFP server. \n\n2) An error exists in AFP Server when checking Kerberos principal\nrealm names. This can be exploited to make unauthorized connections\nto the server when cross-realm authentication with AFP Server is\nused. \n\n3) Multiple vulnerabilities in Apache can be exploited by malicious\npeople to conduct cross-site scripting attacks, cause a DoS (Denial\nof Service), or potentially compromise a vulnerable system. \n\nFor more information:\nSA18008\nSA21197\nSA26636\nSA27906\nSA28046\n\n4) A boundary error within the handling of file names in the\nNSDocument API in AppKit can be exploited to cause a stack-based\nbuffer overflow. \n\n6) Multiple integer overflow errors exist in the parser for a legacy\nserialization format. This can be exploited to cause a heap-based\nbuffer overflow when a specially crafted serialized property list is\nparsed. \n\n7) An error in CFNetwork can be exploited to spoof secure websites\nvia 502 Bad Gateway errors from a malicious HTTPS proxy server. \n\n8) Multiple vulnerabilities in ClamAV can be exploited by malicious\npeople to cause a DoS (Denial of Service) or to compromise a\nvulnerable system. \n\nFor more information:\nSA23347\nSA24187\nSA24891\nSA26038\nSA26530\nSA28117\nSA28907\n\n9) An integer overflow error exists in CoreFoundation when handling\ntime zone data. \n\n10) The problem is that files with names ending in \".ief\" can be\nautomatically opened in AppleWorks if \"Open \u0027Safe\u0027 files\" is enabled\nin Safari. \n\nFor more information:\nSA29431\n\n12) Multiple input validation errors exist in CUPS, which can be\nexploited to execute arbitrary code with system privileges. \n\n13) A boundary error in curl can be exploited to compromise a user\u0027s\nsystem. \n\nFor more information:\nSA17907\n\n14) A vulnerability in emacs can be exploited by malicious people to\ncompromise a user\u0027s system. \n\nFor more information:\nSA27508\n\n15) A vulnerability in \"file\" can be exploited by malicious people to\ncompromise a vulnerable system. \n\nFor more information:\nSA24548\n\n16) An input validation error exists in the NSSelectorFromString API,\nwhich can potentially be exploited to execute arbitrary code via a\nmalformed selector name. \n\n17) A race condition error in NSFileManager can potentially be\nexploited to gain escalated privileges. \n\n18) A boundary error in NSFileManager can potentially be exploited to\ncause a stack-based buffer overflow via an overly long pathname with a\nspecially crafted structure. \n\n19) A race condition error exists in the cache management of\nNSURLConnection. This can be exploited to cause a DoS or execute\narbitrary code in applications using the library (e.g. Safari). \n\n20) A race condition error exists in NSXML. \n\n22) A boundary error exists in Image Raw within the handling of Adobe\nDigital Negative (DNG) image files. This can be exploited to cause a\nstack-based buffer overflow by enticing a user to open a maliciously\ncrafted image file. \n\n23) Multiple vulnerabilities in Kerberos can be exploited to cause a\nDoS or to  compromise a vulnerable system. \n\nFor more information:\nSA29428\n\n24) An off-by-one error the \"strnstr()\" in libc can be exploited to\ncause a DoS. \n\n25) A format string error exists in mDNSResponderHelper, which can be\nexploited by a malicious, local user to cause a DoS or execute\narbitrary code with privileges of mDNSResponderHelper by setting the\nlocal hostname to a specially crafted string. \n\n26) An error in notifyd can be exploited by a malicious, local user\nto deny access to notifications by sending fake Mach port death\nnotifications to notifyd. \n\n27) An array indexing error in the pax command line tool can be\nexploited to execute arbitrary code. \n\n28) Multiple vulnerabilities in php can be exploited to bypass\ncertain security restrictions. \n\nFor more information:\nSA27648\nSA28318\n\n29) A security issue is caused due to the Podcast Capture application\nproviding passwords to a subtask through the arguments. \n\n30) Printing and Preview handle PDF files with weak encryption. \n\n31) An error in Printing in the handling of authenticated print\nqueues can lead to credentials being saved to disk. \n\n33) A null-pointer dereference error exists in the handling of\nUniversal Disc Format (UDF) file systems, which can be exploited to\ncause a system shutdown by enticing a user to open a maliciously\ncrafted disk image. \n\n35) Some vulnerabilities in X11 can be exploited by malicious, local\nusers to gain escalated privileges. \n\nFor more information:\nSA27040\nSA28532\n\n36) Some vulnerabilities in libpng can be exploited by malicious\npeople to cause a DoS (Denial of Service). \n\nFor more information:\nSA22900\nSA25292\nSA27093\nSA27130\n\nSOLUTION:\nApply Security Update 2008-002. \n\nSecurity Update 2008-002 v1.0 (PPC):\nhttp://www.apple.com/support/downloads/securityupdate2008002v10ppc.html\n\nSecurity Update 2008-002 v1.0 (Universal):\nhttp://www.apple.com/support/downloads/securityupdate2008002v10universal.html\n\nSecurity Update 2008-002 v1.0 (Leopard):\nhttp://www.apple.com/support/downloads/securityupdate2008002v10leopard.html\n\nSecurity Update 2008-002 v1.0 Server (Leopard):\nhttp://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html\n\nSecurity Update 2008-002 v1.0 Server (PPC):\nhttp://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html\n\nSecurity Update 2008-002 v1.0 Server (Universal):\nhttp://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm\n11) regenrecht via iDefense\n19) Daniel Jalkut, Red Sweater Software\n22) Brian Mastenbrook\n24) Mike Ash, Rogue Amoeba Software\n29) Maximilian Reiss, Chair for Applied Software Engineering, TUM\n33) Paul Wagland of Redwood Software, and Wayne Linder of Iomega\n\n34) Rodrigo Carvalho CORE Security Technologies\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=307562\n\nCORE-2008-0123:\nhttp://www.coresecurity.com/?action=item\u0026id=2189\n\nOTHER REFERENCES:\nSA17907:\nhttp://secunia.com/advisories/17907/\n\nSA18008:\nhttp://secunia.com/advisories/18008/\n\nSA21187:\nhttp://secunia.com/advisories/21197/\n\nSA22900:\nhttp://secunia.com/advisories/22900/\n\nSA23347:\nhttp://secunia.com/advisories/23347/\n\nSA24187:\nhttp://secunia.com/advisories/24187/\n\nSA24548:\nhttp://secunia.com/advisories/24548/\n\nSA24891:\nhttp://secunia.com/advisories/24891/\n\nSA25292:\nhttp://secunia.com/advisories/25292/\n\nSA26038:\nhttp://secunia.com/advisories/26038/\n\nSA26530:\nhttp://secunia.com/advisories/26530/\n\nSA26636:\nhttp://secunia.com/advisories/26636/\n\nSA27040:\nhttp://secunia.com/advisories/27040/\n\nSA27093:\nhttp://secunia.com/advisories/27093/\n\nSA27130:\nhttp://secunia.com/advisories/27130/\n\nSA27648:\nhttp://secunia.com/advisories/27648/\n\nSA27508:\nhttp://secunia.com/advisories/27508/\n\nSA27906:\nhttp://secunia.com/advisories/27906/\n\nSA28046:\nhttp://secunia.com/advisories/28046/\n\nSA28117:\nhttp://secunia.com/advisories/28117/\n\nSAS28318:\nhttp://secunia.com/advisories/28318/\n\nSA28532:\nhttp://secunia.com/advisories/28532/\n\nSA28907:\nhttp://secunia.com/advisories/28907/\n\nSA29428:\nhttp://secunia.com/advisories/29428/\n\nSA29431:\nhttp://secunia.com/advisories/29431/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001212"
      },
      {
        "db": "BID",
        "id": "28371"
      },
      {
        "db": "BID",
        "id": "28304"
      },
      {
        "db": "VULHUB",
        "id": "VHN-30185"
      },
      {
        "db": "PACKETSTORM",
        "id": "64747"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "28371",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "28304",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0060",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "29420",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1019657",
        "trust": 2.5
      },
      {
        "db": "USCERT",
        "id": "TA08-079A",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0924",
        "trust": 1.7
      },
      {
        "db": "USCERT",
        "id": "SA08-079A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001212",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-283",
        "trust": 0.7
      },
      {
        "db": "CERT/CC",
        "id": "TA08-079A",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2008-03-18",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "41295",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-30185",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64747",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30185"
      },
      {
        "db": "BID",
        "id": "28371"
      },
      {
        "db": "BID",
        "id": "28304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001212"
      },
      {
        "db": "PACKETSTORM",
        "id": "64747"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-283"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0060"
      }
    ]
  },
  "id": "VAR-200803-0026",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30185"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:20:50.019000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Update 2008-002",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT1249?viewlocale=en_US"
      },
      {
        "title": "Security Update 2008-002",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT1249?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001212"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001212"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0060"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/28304"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/28371"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta08-079a.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.securitytracker.com/id?1019657"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/29420"
      },
      {
        "trust": 1.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307562"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/0924/references"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41295"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0060"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2008/0924"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta08-079a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta08-079a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0060"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa08-079a.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/41295"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/0924/references"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/server/macosx/"
      },
      {
        "trust": 0.3,
        "url": "http://docs.info.apple.com/article.html?artnum=307430"
      },
      {
        "trust": 0.1,
        "url": "http://www.coresecurity.com/?action=item\u0026id=2189"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28046/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27648/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24891/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27093/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/29431/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27906/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2008002v10universal.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/22900/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/21197/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/23347/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/29420/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26038/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27130/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28532/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/29428/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24187/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24548/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26636/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/25292/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/18008/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27040/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27508/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28117/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28907/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/96/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/17907/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26530/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28318/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30185"
      },
      {
        "db": "BID",
        "id": "28371"
      },
      {
        "db": "BID",
        "id": "28304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001212"
      },
      {
        "db": "PACKETSTORM",
        "id": "64747"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-283"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0060"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-30185"
      },
      {
        "db": "BID",
        "id": "28371"
      },
      {
        "db": "BID",
        "id": "28304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001212"
      },
      {
        "db": "PACKETSTORM",
        "id": "64747"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-283"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0060"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-03-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30185"
      },
      {
        "date": "2008-03-18T00:00:00",
        "db": "BID",
        "id": "28371"
      },
      {
        "date": "2008-03-18T00:00:00",
        "db": "BID",
        "id": "28304"
      },
      {
        "date": "2008-04-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001212"
      },
      {
        "date": "2008-03-20T20:39:31",
        "db": "PACKETSTORM",
        "id": "64747"
      },
      {
        "date": "2008-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200803-283"
      },
      {
        "date": "2008-03-18T23:44:00",
        "db": "NVD",
        "id": "CVE-2008-0060"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30185"
      },
      {
        "date": "2008-03-24T15:30:00",
        "db": "BID",
        "id": "28371"
      },
      {
        "date": "2008-03-22T01:10:00",
        "db": "BID",
        "id": "28304"
      },
      {
        "date": "2008-04-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001212"
      },
      {
        "date": "2008-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200803-283"
      },
      {
        "date": "2024-11-21T00:41:04.580000",
        "db": "NVD",
        "id": "CVE-2008-0060"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "28371"
      },
      {
        "db": "BID",
        "id": "28304"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Mac OS X of  Help Viewer In any  AppleScript Vulnerability in which is executed",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001212"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-283"
      }
    ],
    "trust": 0.6
  }
}

CERTA-2008-AVI-148

Vulnerability from certfr_avis

None

Description

De multiples vulnérabilités ont été découvertes dans le système d'exploitation Apple Mac OS X. L'exploitation de ces vulnérabilités permet à un individu malveillant diverses actions dont exécuter du code arbitaire à distance, effectuer un déni de service, contourner la politique de sécurité, élever ses privilèges et effectuer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité Apple 307562 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple Mac Os X version 10.4.11 et antérieures ;
	Apple	N/A	Apple Mac Os X version 10.5.2 et antérieures.

References

Title

Publication Time

fkie_cve-2008-0060

Vulnerability from fkie_nvd

Published

2008-03-18 23:44

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=307562
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	Patch
cve@mitre.org	http://secunia.com/advisories/29420
cve@mitre.org	http://www.securityfocus.com/bid/28304
cve@mitre.org	http://www.securityfocus.com/bid/28371
cve@mitre.org	http://www.securitytracker.com/id?1019657
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA08-079A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0924/references
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/41295
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=307562
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29420
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28304
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28371
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019657
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-079A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0924/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41295

Impacted products

Vendor	Product	Version
apple	mac_os_x	10.4.11
apple	mac_os_x	10.5.2
apple	mac_os_x_server	10.4.11
apple	mac_os_x_server	10.5.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EE39585-CF3B-4493-96D8-B394544C7643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3267A41-1AE0-48B8-BD1F-DEC8A212851A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D09D5933-A7D9-4A61-B863-CD8E7D5E67D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C73BED9E-29FB-4965-B38F-013FFE5A9170",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link."
    },
    {
      "lang": "es",
      "value": "Help Viewer en Apple Mac OS X 10.4.11 y 10.5.2, permite a atacantes remotos ejecutar Applescript de su elecci\u00f3n a trav\u00e9s de la URL help:topic_list, la cual inyecta HTML o JavaScript dentro de una p\u00e1gina de listado de topic, tal y como se ha demostrado usando el enlace  help:runscript."
    }
  ],
  "id": "CVE-2008-0060",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-03-18T23:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28304"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28371"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019657"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41295"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41295"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-rj3v-cq8g-mv7w

Vulnerability from github

Published

2022-05-01 23:27

Modified

2022-05-01 23:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0060"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-03-18T23:44:00Z",
    "severity": "MODERATE"
  },
  "details": "Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link.",
  "id": "GHSA-rj3v-cq8g-mv7w",
  "modified": "2022-05-01T23:27:25Z",
  "published": "2022-05-01T23:27:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0060"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41295"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28304"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28371"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019657"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2008-0060

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2008-0060

Aliases

CVE-2008-0060

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0060",
    "description": "Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link.",
    "id": "GSD-2008-0060"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0060"
      ],
      "details": "Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link.",
      "id": "GSD-2008-0060",
      "modified": "2023-12-13T01:22:58.956194Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0060",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "28304",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/28304"
          },
          {
            "name": "TA08-079A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
          },
          {
            "name": "ADV-2008-0924",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0924/references"
          },
          {
            "name": "macos-helpviewer-code-execution(41295)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41295"
          },
          {
            "name": "1019657",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019657"
          },
          {
            "name": "28371",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/28371"
          },
          {
            "name": "29420",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29420"
          },
          {
            "name": "APPLE-SA-2008-03-18",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=307562",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=307562"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0060"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2008-03-18",
              "refsource": "APPLE",
              "tags": [
                "Patch"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307562",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=307562"
            },
            {
              "name": "1019657",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019657"
            },
            {
              "name": "TA08-079A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
            },
            {
              "name": "28304",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/28304"
            },
            {
              "name": "28371",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/28371"
            },
            {
              "name": "29420",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29420"
            },
            {
              "name": "ADV-2008-0924",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0924/references"
            },
            {
              "name": "macos-helpviewer-code-execution(41295)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41295"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-08T01:29Z",
      "publishedDate": "2008-03-18T23:44Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-0060 (GCVE-0-2008-0060)

Vulnerability from cvelistv5

var-200803-0026

Vulnerability from variot

CERTA-2008-AVI-148

Vulnerability from certfr_avis

Description

Solution

fkie_cve-2008-0060

Vulnerability from fkie_nvd

ghsa-rj3v-cq8g-mv7w

Vulnerability from github

gsd-2008-0060

Vulnerability from gsd

Tags

Sightings

Nomenclature