Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apple Mac OS X Help协议远程代码执行漏洞
Vulnerability Description
Mac OS X是一款使用在Mac机器上的操作系统,基于BSD系统。 Mac OS X help应用程序的'help:'协议实现存在问题,远程攻击者可以利用这个漏洞以目前进程权限在系统上执行任意命令。 'help:'协议能够远程通过Safari web浏览器调用,由于Mac OS X对'help:'协议处理实现存在问题,允许攻击者构建恶意链接,诱使用户访问,并通过help应用程序执行脚本代码。不过根据报告此执行任意代码需要用户比较少的交互。成功利用此漏洞可以未授权访问受此漏洞影响的系统。
CVSS Information
N/A
Vulnerability Type
N/A