CVE-2008-2830

Severity

72%

Complexity

39%

Confidentiality

165%

Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent.

Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent.

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

Apple Mac OS X

First reported 16 years ago

2008-06-23 20:41:00

Last updated 7 years ago

2017-08-08 01:31:00

Affected Software

Apple Mac OS X 10.4

10.4

Apple Mac OS X 10.5

10.5

References

http://it.slashdot.org/it/08/06/18/1919224.shtml

APPLE-SA-2008-09-16

APPLE-SA-2008-07-31

30776

29831

Exploit

1020345

ADV-2008-1905

apple-macosx-ardagent-command-execution(43294)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.