CVE-2009-2808

Metadata

CVE-2009-2808
5.4
lists.apple.com, support.apple.com, securityfocus.com, vupen.com
2009-11-10
2017-06-06 20:20

Description

Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.

Related Vulnerabilities