CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.2 | $0-$5k | 0.00 |
A vulnerability classified as problematic was found in Apple Mac OS X 10.9 (Operating System). Affected by this vulnerability is an unknown part of the component Hard Link Handler. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability.
The weakness was released 11/08/2013 by Maksymilian Arciemowicz as WLB-2013110059 as not defined advisory (Website). The advisory is shared at cxsecurity.com. The public release happened without involvement of Apple. An attack has to be approached locally. A single authentication is necessary for exploitation. Technical details are unknown but a public exploit is available.
A public exploit has been developed by Maksymilian Arciemowicz in ANSI C and been published immediately after the advisory. It is possible to download the exploit at cxsecurity.com. It is declared as proof-of-concept.
The advisory contains the following remark:
(…) if Apple is not going to fix this vulnerability then someone should change the Wikipedias at least.
Entry connected to this vulnerability is available at 65483.
Product
Type
Vendor
Name
Version
License
Support
- end of life
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.5VulDB Meta Temp Score: 5.2
VulDB Base Score: 5.5
VulDB Temp Score: 5.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
ATT&CK: Unknown
Local: Yes
Remote: No
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Author: Maksymilian Arciemowicz
Programming Language: 🔍
Download: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Timeline
11/08/2013 🔍11/08/2013 🔍
11/15/2013 🔍
03/25/2019 🔍
Sources
Vendor: apple.comAdvisory: WLB-2013110059
Researcher: Maksymilian Arciemowicz
Status: Not defined
OSVDB: 99677
scip Labs: https://www.scip.ch/en/?labs.20150108
See also: 🔍
Entry
Created: 11/15/2013 15:06Updated: 03/25/2019 13:06
Changes: 11/15/2013 15:06 (52), 03/25/2019 13:06 (2)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.