CVE-2005-1331

The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs.

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html	Patch
http://remahl.se/david/vuln/010/	Exploit
http://secunia.com/advisories/15227	Patch
http://www.securityfocus.com/bid/13480	Patch
http://www.vupen.com/english/advisories/2005/0455

Configurations

Configuration 1 (hide)

cpe:2.3:a:apple:applescript:2.0.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:apple:mac_os_x:10.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.6:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.7:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.8:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.9:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.1:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.2:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.3:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.5:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.6:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.7:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.8:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.9:::::::*

History

No history.

Information

Published : 2005-05-04 04:00

Updated : 2023-12-10 10:28

NVD link : CVE-2005-1331

Mitre link : CVE-2005-1331

CVE.ORG link : CVE-2005-1331

JSON object : View

Products Affected

apple

mac_os_x
applescript
mac_os_x_server

CWE

NVD-CWE-Other

{"id": "CVE-2005-1331", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2005-05-04T04:00:00.000", "references": [{"url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://remahl.se/david/vuln/010/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/15227", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/13480", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2005/0455", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs."}], "lastModified": "2011-03-08T02:21:38.047", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:applescript:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B29AB40A-62A3-494A-B039-F43810283B9A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFDADE04-29F0-446B-824B-0518880CF0A0"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED9BE602-A740-4CF7-9CAF-59061B16AB31"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33E698C1-C313-40E6-BAF9-7C8F9CF02484"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF2D00AC-FA2A-4C39-B796-DC19072862CF"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "421079DA-B605-4E05-9454-C30CF7631CF4"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93B734BA-3435-40A9-B22B-5D56CEB865A7"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4B57B3E-B1B2-4F13-99D3-4F9DB3C07B5E"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30897327-44DD-4D6C-B8B6-2D66C44EA55D"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B79D8F73-2E78-4A67-96BB-21AD9BCB0094"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E997653-C744-4F1F-9948-47579AB3BED3"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF5A416A-F198-4B9C-8221-D36CC8A7FE5C"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "384C130F-D1A9-4482-AF20-FC81933473A3"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8BCD1C5-1AFC-4287-9AFD-81FB3F4F9E54"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CA6BD2A-3022-408D-8E4F-50865996E965"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "463D5628-7536-4029-99D6-5E525050059E"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69A39B11-1C23-4A6C-B4C5-AEC40836F173"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78D48FD1-CB91-4310-9432-A4365FA67B11"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "750C6C37-8460-4ED8-83AD-ACAF993E4A6E"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8923EE1A-DD48-4EC8-8698-A33093FD709C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}