Info

Last Modified

3 months ago

Percent Complete

10%

Disclosure

Jun 30, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

This Entry needs help! It is only 10% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Description

(Description Provided by CVE) : Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.

Classification

Solution: Upgrade
Disclosure: Vendor Verified

Products

Unknown or Incomplete

References

Bugtraq ID: 30018
Vendor Specific News/Changelog Entry: http://support.apple.com/kb/HT2163
Related OSVDB ID: 46663 46665 46666 46667 46668 46669
ISS X-Force ID: 43493
Vendor Specific Advisory URL: http://support.apple.com/kb/HT2163
Secunia Advisory ID: 30802
Mail List Post: http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
CVE ID: 2008-2309 (see also: NVD)
Security Tracker: 1020391

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches