Vulnerability Description
The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Applescript | 2.0.0 |
| Apple | Mac Os X | 10.3 |
| Apple | Mac Os X Server | 10.3 |
References
- http://lists.apple.com/archives/security-announce/2005/May/msg00001.htmlPatch
- http://remahl.se/david/vuln/010/Exploit
- http://secunia.com/advisories/15227Patch
- http://www.securityfocus.com/bid/13480Patch
- http://www.vupen.com/english/advisories/2005/0455
- http://lists.apple.com/archives/security-announce/2005/May/msg00001.htmlPatch
- http://remahl.se/david/vuln/010/Exploit
- http://secunia.com/advisories/15227Patch
- http://www.securityfocus.com/bid/13480Patch
- http://www.vupen.com/english/advisories/2005/0455
FAQ
What is CVE-2005-1331?
CVE-2005-1331 is a vulnerability with a CVSS score of 5.1 (MEDIUM). The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could ...
How severe is CVE-2005-1331?
CVE-2005-1331 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1331?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Applescript, Apple Mac Os X, Apple Mac Os X Server.