Charles Srstka

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions 10.4.11 through 10.5.4 Mac OS X versions prior to 10.4.11 Mac OS X versions prior to 10.5.4 **Description** The issue concerns the Open Scripting Architecture in Mac OS X, which fails to properly restrict the loading of scripting addition plugins. This allows local users to gain privileges via scripting addition commands to a privileged application. An example of exploitation is through an osascript tell command to ARDAgent. **Recommendations** For Mac OS X versions 10.4.11 through 10.5.4, consider restricting access to scripting addition plugins to minimize the risk of exploitation. For Mac OS X versions prior to 10.4.11, update to version 10.4.11 or later to resolve the issue. For Mac OS X versions prior to 10.5.4, update to version 10.5.4 or later to resolve the issue.