CVE-2009-2811

Published: 14/09/2009 Updated: 17/08/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote malicious users to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature.

Vulnerable Product

apple mac os x server 10.5.8

apple mac os x 10.5.8

Recent Articles

Apple tried to patch this security hole in macOS Finder but didn't consider upper and lowercase characters
The Register • Thomas Claburn in San Francisco • 22 Sep 2021

file:// is blocked? Oh OK, we'll just use File:// or fiLE://...

Apple's macOS Finder application is currently vulnerable to a remote code execution bug, despite an apparent attempt to fix the problem. A security advisory published Tuesday by the SSD Secure Disclosure program, on behalf of researcher Park Minchan, explains that macOS Finder – which provides a visual interface for interacting with files – is vulnerable to documents with the .inetloc extension. "[T]hese files can be embedded inside emails which if the user clicks on them will execute the co...