CVE-2010-0497
Apple OS X Internet Enabled Disk Image Remote Code Execution Vulnerability
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.
Disk Images en Apple Mac OS X anteriores a v10.6.3 no proporciona la advertencia esperada de tipo de fichero inseguro en una imagen de disco habilitada para internet, lo cual facilita a atacantes remotos asistidos por usuarios ejecutar código a su elección a través del tipo de fichero del paquete.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file.
The specific flaw exists in the handling of internet enabled disk image files. When a specially crafted Menu Extras plugin is included in the disk image, it is executed without further interaction allowing for arbitrary code execution under the context of the current user.
*Credits:
Brian Mastenbrook
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-02-03 CVE Reserved
- 2010-03-30 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | 2010-03-31 | |
| http://support.apple.com/kb/HT4077 | 2010-03-31 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | <= 10.6.2 Search vendor "Apple" for product "Mac Os X" and version " <= 10.6.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5 Search vendor "Apple" for product "Mac Os X" and version "10.5" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5.0 Search vendor "Apple" for product "Mac Os X" and version "10.5.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5.1 Search vendor "Apple" for product "Mac Os X" and version "10.5.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5.2 Search vendor "Apple" for product "Mac Os X" and version "10.5.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5.3 Search vendor "Apple" for product "Mac Os X" and version "10.5.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5.4 Search vendor "Apple" for product "Mac Os X" and version "10.5.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5.5 Search vendor "Apple" for product "Mac Os X" and version "10.5.5" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5.6 Search vendor "Apple" for product "Mac Os X" and version "10.5.6" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5.7 Search vendor "Apple" for product "Mac Os X" and version "10.5.7" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5.8 Search vendor "Apple" for product "Mac Os X" and version "10.5.8" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.6.0 Search vendor "Apple" for product "Mac Os X" and version "10.6.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.6.1 Search vendor "Apple" for product "Mac Os X" and version "10.6.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | <= 10.6.2 Search vendor "Apple" for product "Mac Os X Server" and version " <= 10.6.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5 Search vendor "Apple" for product "Mac Os X Server" and version "10.5" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5.0 Search vendor "Apple" for product "Mac Os X Server" and version "10.5.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5.1 Search vendor "Apple" for product "Mac Os X Server" and version "10.5.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5.2 Search vendor "Apple" for product "Mac Os X Server" and version "10.5.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5.3 Search vendor "Apple" for product "Mac Os X Server" and version "10.5.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5.4 Search vendor "Apple" for product "Mac Os X Server" and version "10.5.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5.5 Search vendor "Apple" for product "Mac Os X Server" and version "10.5.5" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5.6 Search vendor "Apple" for product "Mac Os X Server" and version "10.5.6" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5.7 Search vendor "Apple" for product "Mac Os X Server" and version "10.5.7" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5.8 Search vendor "Apple" for product "Mac Os X Server" and version "10.5.8" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.6.0 Search vendor "Apple" for product "Mac Os X Server" and version "10.6.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.6.1 Search vendor "Apple" for product "Mac Os X Server" and version "10.6.1" | - |
Affected
| ||||||