Apple Mac OS X Help Viewer URI Handler JavaScript Code Execution Vulnerability
BID:13496
Info
| Bugtraq ID: | 13496 |
| Class: | Access Validation Error |
| CVE: | CVE-2005-1337 |
| Remote: | Yes |
| Local: | No |
| Published: | May 03 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Discovered by David Remahl <[email protected]>. |
| Vulnerable: | Apple Mac OS X Server 10.3.9, Apple Mac OS X Server 10.3.8, Apple Mac OS X Server 10.3.7, Apple Mac OS X Server 10.3.6, Apple Mac OS X Server 10.3.5, Apple Mac OS X Server 10.3.4, Apple Mac OS X Server 10.3.3, Apple Mac OS X Server 10.3.2, Apple Mac OS X Server 10.3.1, Apple Mac OS X Server 10.3, Apple Mac OS X 10.3.9, Apple Mac OS X 10.3.8, Apple Mac OS X 10.3.7, Apple Mac OS X 10.3.6, Apple Mac OS X 10.3.5, Apple Mac OS X 10.3.4, Apple Mac OS X 10.3.3, Apple Mac OS X 10.3.2, Apple Mac OS X 10.3.1, Apple Mac OS X 10.3 |
| Not Vulnerable: | |
Discussion
Apple Mac OS X is prone to a JavaScript execution vulnerability. This issue exists in the Help Viewer URI handler. A maliciously crafted JavaScript file loaded by the Help Viewer would be executed with local privileges.
This issue was initially reported in BID 13480 (Apple Mac OS X Multiple Vulnerabilities). Due to the availability of more information, this issue is being assigned a new BID.
Exploit / POC
A proof of concept exploit is available at the following location:
http://remahl.se/david/vuln/004/demo.html
Solution / Fix
Solution:
Apple has released an advisory (APPLE-SA-2005-05-03) to address this issue. Please see the referenced advisory for more information.
Apple Mac OS X 10.3.9
- Apple SecUpd2005-005Pan.dmg
  http://www.apple.com/support/downloads/securityupdate2005005client.html
Apple Mac OS X Server 10.3.9
- Apple SecUpdSrvr2005-005Pan.dmg
  http://www.apple.com/support/downloads/securityupdate2005005server.html
References
References:
- help: URI handler execution of JavaScripts with known paths vulnerability (David Remahl)
- Vendor Home Page (Apple)
- Advisories for 4 vulnerabilities addressed by Apple SU 2005-005 (David Remahl)