CVE-2009-2808
5.4
Vector
AV:A/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 5.5 / Impact: 6.4
Source: NVD
Description
Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.
Affected (118)
Products: Apple: Mac Os X, Mac Os X Server
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 10.6.1 |
Related CWEs
References (8)
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.