CVE-2008-0060

Name of the Vulnerable Software and Affected Versions Apple Mac OS X versions 10.4.11 through 10.5.2

Description The issue allows remote attackers to execute arbitrary Applescript via a help:topic list URL that injects HTML or JavaScript into a topic list page. This can be demonstrated using a help:runscript link.

Recommendations For Apple Mac OS X versions 10.4.11 through 10.5.2, consider disabling the execution of Applescript from help:topic list URLs as a temporary workaround until a patch is available. Restrict access to the Help Viewer to minimize the risk of exploitation. Avoid using the help:runscript link in the affected versions to prevent arbitrary Applescript execution.