NVD

Id
50031  
Name
CVE-2009-2808  
Description
Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.  
Reject
 
CVSS Version
2  
CVSS Score
5.4  
Severity
Medium  
CVSS Base Score
5.4  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
5.5  
CVSS Vector
(AV:A/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2009-11-10  
Modified Date
2009-11-17  
Seq
2009-2808  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
253118 50031 CVE-2009-2808 APPLE-SA-2009-11-09-1  View
253119 50031 CVE-2009-2808 http://support.apple.com/kb/HT3937  View
253120 50031 CVE-2009-2808 36956  View
253121 50031 CVE-2009-2808 ADV-2009-3184  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
41327 JVNDB-2009-002334 Apple Mac OS X のヘルプビューアにおける任意のコードを実行される脆弱性 Apple Mac OS X のヘルプビューアには、アップルのヘルプコンテンツを閲覧する際にHTTPS が使われないため、help:runscript リンクを送信され、任意のコードを実行される脆弱性が存在します。 CVE-2009-2808 40239 CVE-2009-2808 50031 5.4 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002334.html 2009-11-09 2009-12-17 View