Vendor: Mac OS X
By: SecurityFocus
CVSS: 7.5 (HIGH)
Type: Command Injection
CWE: 78
Product Name: Mac OS X
Affected Version From: Mac OS X 10.1
Affected Version To: Mac OS X 10.1.5
Patch Exists: YES
Related CWE: CVE-2002-1217
CPE: o:apple:mac_os_x
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Mac OS X
2002

Mac OS X Command Injection Vulnerability

Mac OS X is vulnerable to command injection due to improper handling of some links. When a user clicks a link containing special characters and embedded commands, those commands can be executed in a Terminal.app window. They run in the security context of the user.

Mitigation:

Apple has released a patch to address this issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5768/info

Mac OS X is the BSD-based operating system distributed and maintained by Apple.

It has been discovered that some types of links, when clicked on, may result in the execution of arbitrary commands. Due to the improper handling of some links, a user clicking on a link containing special characters and embedded commands could cause the commands in the link to be executed in a Terminal.app window. These commands would be executed in the security context of the user.

telnet://|ls -la
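
The defensive counterpart to the link above, as an added example (not Apple's patch and not code from the advisory): a URL handler that accepts only a strict `telnet://host[:port]` form and hands the client an argument list instead of a shell string. The helper name `telnet_argv`, the sample hosts and the assumption that the handler launches a `telnet` client are all hypothetical.

```python
import re

# Strict grammar for the only telnet URL form this handler accepts:
#   telnet://host[:port][/]
# No userinfo, no whitespace, no shell metacharacters such as '|'.
_TELNET_URL = re.compile(
    r"telnet://"
    r"(?P<host>[A-Za-z0-9][A-Za-z0-9.-]{0,252})"  # starts with a letter or digit
    r"(?::(?P<port>[0-9]{1,5}))?"
    r"/?",
    re.IGNORECASE,
)


def telnet_argv(url):
    """Return an argv list for a telnet client, or None if the URL is rejected.

    Hypothetical helper: the result is meant for an exec-style API that takes
    a list (for example subprocess.run(argv)), never for a shell command line.
    """
    # fullmatch() requires the whole string to fit the grammar, so a trailing
    # newline or any extra character causes rejection.
    m = _TELNET_URL.fullmatch(url)
    if m is None:
        return None
    port = int(m.group("port") or 23)  # 23 is the default telnet port
    if not 1 <= port <= 65535:
        return None
    return ["telnet", m.group("host"), str(port)]


# Constructed sample inputs; the first is the link shown in the advisory.
SAMPLES = [
    "telnet://|ls -la",
    "telnet://host.example:99999",
    "telnet://host.example:23\n",
    "telnet://host.example",
    "telnet://host.example:2323/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", telnet_argv(sample))
```
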