First published: Tue Mar 18 2008(Updated: )
Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS Server | =10.5.2 | |
Apple macOS Server | =10.4.11 | |
Apple iOS and macOS | =10.5.2 | |
Apple iOS and macOS | =10.4.11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2008-0060 is classified as a moderate severity vulnerability due to its potential for remote code execution.
CVE-2008-0060 affects Apple Mac OS X versions 10.4.11 and 10.5.2.
To fix CVE-2008-0060, update to the latest version of Apple Mac OS X that resolves this vulnerability.
Yes, CVE-2008-0060 can be exploited remotely via specially crafted help:topic_list URLs.
CVE-2008-0060 allows attackers to execute arbitrary AppleScript through malicious HTML or JavaScript injection.