Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X prior to 10.5.4 allows user-assisted remote malicious users to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apple mac os x 10.4.5 |
||
apple mac os x 10.4.6 |
||
apple mac os x 10.5.3 |
||
apple mac os x server 10.4.1 |
||
apple mac os x 10.4.1 |
||
apple mac os x 10.4.10 |
||
apple mac os x 10.4.7 |
||
apple mac os x 10.4.8 |
||
apple mac os x server 10.4.10 |
||
apple mac os x server 10.4.11 |
||
apple mac os x server 10.4.9 |
||
apple mac os x server 10.5 |
||
apple mac os x server 10.4.7 |
||
apple mac os x server 10.4.8 |
||
apple mac os x 10.4.11 |
||
apple mac os x 10.4.2 |
||
apple mac os x 10.4.9 |
||
apple mac os x 10.5 |
||
apple mac os x server 10.4.2 |
||
apple mac os x server 10.4.3 |
||
apple mac os x server 10.5.1 |
||
apple mac os x server 10.5.2 |
||
apple mac os x 10.4.3 |
||
apple mac os x 10.4.4 |
||
apple mac os x 10.5.1 |
||
apple mac os x 10.5.2 |
||
apple mac os x server 10.4.4 |
||
apple mac os x server 10.4.5 |
||
apple mac os x server 10.4.6 |
||
apple mac os x server 10.5.3 |
Vulmon