{"vuid":"VU#578798","idnumber":"578798","name":"Apple Mac OS X help system may interpret inappropriate local script files","keywords":["Apple","Mac","OS X","Safari","Help.app","runscript","arbitrary code execution"],"overview":"A vulnerability has been reported  in the default URI protocol handler in Apple's Mac OS X help system. Exploitation of this vulnerability may permit a remote attacker to execute arbitrary scripts on the local system.","clean_desc":"A vulnerability has been reported in Apple's Mac OS X runscript function of the Help.app application. Using the \"help://\" URI handler, a remote attacker may be able to create an HTML file that will execute local scripts on the target user's system. If exploited conjunction with VU#210606, a remote attacker may be able to execute arbitrary code of the attacker's choosing. Browsers or other applications supporting this help system URI handler enabled by default on Mac OS X have been reported to be vulnerable.","impact":"A remote attacker may be able to run arbitrary files with interpretable script on a vulnerable system.","resolution":"Download updated software per Apple's Security Update notice: * Apple's Software Downloads web site: For Mac OS X 10.3.3 \"Panther\" and Mac OS X 10.3.3 Server http://www.apple.com/support/downloads/securityupdate__2004-05-24_(10_3_3).html\nThe download file is named: \"SecUpd2004-05-24Pan.dmg\"\nIts SHA-1 digest is: 8e505ac4e36393f44e9d1b27ac0bd9a9e9f5b6a2 For Mac OS X 10.2.8 \"Jaguar\" and Mac OS X 10.2.8 Server http://www.apple.com/support/downloads/securityupdate_2004-05-24_(10_2_8).html\nThe download file is named: \"SecUpd2004-05-24Jag.dmg\"\nIts SHA-1 digest is: 8c084551505fb4e7131afbf8bce14475bdc5f946","workarounds":"According to a posting on Secunia, users may be able to mitigate the potential impact of this reported vulnerability by changing the protocol helpers (applications) for URI handlers which are not required, (e.g., disable \"help://\" execution).","sysaffected":"","thanks":"Thanks to Kang for reporting this vulnerability.","author":"This document was written by Jason A Rafail and is based on information from Secunia.com and SecurityTracker.com.","public":["http://docs.info.apple.com/article.html?artnum=61798","http://secunia.com/advisories/11622/","http://www.securitytracker.com/alerts/2004/May/1010167.html","http://www.apple.com/support/security/security_updates.html"],"cveids":["CVE-2004-0486"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-05-21T19:09:50Z","publicdate":"2004-05-17T00:00:00Z","datefirstpublished":"2004-05-21T21:59:56Z","dateupdated":"2004-05-24T17:43:04Z","revision":12,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"6","cam_population":"8","cam_impact":"15","cam_easeofexploitation":"17","cam_attackeraccessrequired":"20","cam_scorecurrent":"19.89","cam_scorecurrentwidelyknown":"19.89","cam_scorecurrentwidelyknownexploited":"35.19","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":19.89,"vulnote":null}