Vulnerability Details : CVE-2012-4284
Public exploit exists!
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code
Vulnerability category: Execute codeGain privilege
Products affected by CVE-2012-4284
- cpe:2.3:a:sparklabs:viscosity:1.4.1:*:*:*:*:macos:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-4284
6.44%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2012-4284
-
Viscosity setuid-set ViscosityHelper Privilege Escalation
Disclosure Date: 2012-08-12First seen: 2020-04-26exploit/osx/local/setuid_viscosityThis module exploits a vulnerability in Viscosity 1.4.1 on Mac OS X. The vulnerability exists in the setuid ViscosityHelper, where an insufficient validation of path names allows execution of arbitrary python code as root. This module has been tested succes
CVSS scores for CVE-2012-4284
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2012-4284
-
http://www.exploit-db.com/exploits/24579
Viscosity - setuid-set ViscosityHelper Privilege Escalation (Metasploit) - OSX local ExploitExploit;Third Party Advisory;VDB Entry
-
https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html
Viscosity setuid-set ViscosityHelper Privilege Escalation ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://www.sparklabs.com/viscosity/releasenotes/mac/
Viscosity - Release Notes - SparkLabsRelease Notes;Vendor Advisory
-
http://www.securityfocus.com/bid/55002
Viscosity 'ViscosityHelper' Symlink Attack Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
Jump to