Info

Disclosure

May 14, 2004

Discovery

Feb 23, 2004

Dates

Exploit

May 15, 2004

Solution

Unknown

Description

Apple Mac OSX contains a flaw that may allow a malicious website to execute arbitrary commands on the vulnerable host. The issue is triggered when a user clicks a specially formed URI. It is possible that the flaw may allow arbitrary commands to be executed resulting in a loss of integrity, and/or availability.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch/update (2004-06-07) to address this vulnerability.

Products

Apple Computer, Inc.	OSX	10.2.8
		10.3
		10.3.1
		10.3.2
		10.3.3
		10.3.4
	Safari	1.2.1

Microsoft Corporation

Internet Explorer for Mac

5.2

Mozilla Organization	Browser for Mac	1.7RC2
Mozilla Organization	Firefox for Mac	0.8

References

Bugtraq ID: 10356
Secunia Advisory ID: 11622
CVE ID: 2004-0486 (see also: NVD)
Generic Informational URL: http://forums.macnn.com/showthread.php?s=&threadid=213043
http://fundisom.com/owned/warning
http://www.heise.de/newsticker/meldung/47355
Vendor Specific Solution URL: http://www.apple.com/support/downloads/securityupdate_2004-06-07_(_10_2_8).html
http://www.apple.com/support/downloads/securityupdate_2004-06-07_(_10_3_4).html
Other Solution URL: http://www.clauss-net.de/misfox/misfox.html
http://www.monkeyfood.com/software/moreInternet/

Credit

Felix Henke - lixlpixelmac.com - fundisom.com

Direct URL: http://osvdb.org/6184

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Computer, Inc.

OSX

Safari

Microsoft Corporation

Internet Explorer for Mac

Mozilla Organization

Browser for Mac

Firefox for Mac

References

Credit