Security Database IT Watching - Alert Detail

INFORMATION

Name	:	CVE-2008-4214	First Publication	:	2008-10-10
Severity	:	Medium	Last Modification	:	2009-02-10

SCORING CVSS v2

Cvss Base Score	:	4.6	Attack Range	:	Local
Cvss Impact Score	:	6.4	Attack Complexity	:	Low
Cvss Expoit Score	:	3.9	Authentification	:	None Required
Calculate full CVSS 2.0 Vectors scores

DETAIL

Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files.

CWE COMMON WEAKNESS ENUMERATION

Weakness : CWE-264 - Permissions, Privileges, and Access Controls (From NVD)

CPE COMMON PLATFORM ENUMERATION (from NVD)

Os : Apple Mac os x (2)
- cpe:/o:apple:mac_os_x:10.4.11
- cpe:/o:apple:mac_os_x:10.5.5
Os : Apple Mac os x server (2)
- cpe:/o:apple:mac_os_x_server:10.4.11
- cpe:/o:apple:mac_os_x_server:10.5.5

OPEN SOURCE VULNERABILTY DATABASE (OSVDB)

48987 : Apple Mac OS X Script Editor Scripting Directory File Write Weakness.

SECONDARY(S) SOURCE(S)

Source : APPLE
Url : http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Source : BID
Url : http://www.securityfocus.com/bid/31681
Url : http://www.securityfocus.com/bid/31716

Source : CONFIRM
Url : http://support.apple.com/kb/HT3216

Source : SECTRACK
Url : http://www.securitytracker.com/id?1021029

Source : SECUNIA
Url : http://secunia.com/advisories/32222

Source : VUPEN
Url : http://www.frsirt.com/english/advisories/2008/2780

Source : XF
Url : http://xforce.iss.net/xforce/xfdb/45786