Vulnerability Details : CVE-2007-5863
Public exploit exists!
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.
Products affected by CVE-2007-5863
- cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-5863
- 91.47%: Probability of exploitation activity in the next 30 days
- ~ 99 %: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2007-5863
- Apple OS X Software Update Command Execution
  Disclosure Date: 2007-12-17
  First seen: 2020-04-26
  exploit/osx/browser/software_update
  This module exploits a feature in the Distribution Packages, which are used in the Apple Software Update mechanism. This feature allows for arbitrary command execution through JavaScript. This exploit provides the malicious update server. Requests must be redirecte
CVSS scores for CVE-2007-5863
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2007-5863
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-5863
- http://www.vupen.com/english/advisories/2007/4238
- http://docs.info.apple.com/article.html?artnum=307179
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://www.securityfocus.com/bid/26908
- http://securitytracker.com/id?1019106
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://www.securityfocus.com/archive/1/485237/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39111