PT-2004-1604 · Apple · Mac OS X +1
Lixlpixel · Published 2004-05-28 · Updated 2017-07-11 · CVE-2004-0486
CVSS v2.0: 7.6 (High)
| Vector | AV:N/AC:H/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Mac OS X versions 10.2.8 through 10.3.3
Description
HelpViewer processes scripts that it did not initiate, which allows attackers to execute arbitrary code. Originally reported as a directory traversal vulnerability, the issue can be exploited through the Safari web browser using the runscript parameter in a help: URI handler.
Recommendations
For Mac OS X versions 10.2.8 through 10.3.3, consider disabling the HelpViewer functionality until a patch is available to prevent the execution of arbitrary code. Restrict access to the help: URI handler to minimize the risk of exploitation. Avoid using the runscript parameter in the Safari web browser until the issue is resolved.
Exploit
Fix
Related identifiers
Affected products
Mac OS X
Safari