ID
VAR-200911-0262
CVE
CVE-2009-2808
TITLE
Apple Mac OS X Help Viewer vulnerable to arbitrary code execution
Trust: 0.8
sources:
JVNDB: JVNDB-2009-002334
DESCRIPTION
Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response. Apple Mac OS X is prone to a remote code-execution vulnerability. Successful exploits may allow attackers with access to the local area network access to execute arbitrary code within the context of the application. NOTE: This issue was previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but has been assigned its own record to better document it
Trust: 2.25
sources:
NVD: CVE-2009-2808 //
JVNDB: JVNDB-2009-002334 //
BID: 36977 //
BID: 36956 //
VULHUB: VHN-40254
AFFECTED PRODUCTS
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5.4 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5.5 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5.2 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5.0 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5.1 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5.8 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5.7 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5.3 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5.6 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.3.7 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.1.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.4.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.1.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.1.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.6 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.1.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.8 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.2.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.4.11 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.3.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.4.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.5.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.7 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.1.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.4.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.4.10 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.3.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.1.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.3.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.5.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.0.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.1.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.0.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.11 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.1.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.0.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.2.8 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.0.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.5.7 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.5.8 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.3.6 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.1.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.10 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.2.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.4.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.3.8 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.4.7 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.0.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.4.9 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.3.9 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.0.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.2.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.0.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2.8 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.4.8 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.0.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.6 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.5.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.7 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.5.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.8 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.9 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.1.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.9 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | lte | version: | 10.6.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.5.6 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.4.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.5.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | lte | version: | 10.6.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.2.6 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.3.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.0.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.6 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.2.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.2.7 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.4.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.1.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.3.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.1.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.2.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2.6 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.2.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.0.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.6 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.4.6 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.5.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2.7 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | 10.3.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | v10.5.8 | Trust: 0.8 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | v10.6 | Trust: 0.8 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | v10.6.1 | Trust: 0.8 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | v10.5.8 | Trust: 0.8 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | v10.6 | Trust: 0.8 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | v10.6.1 | Trust: 0.8 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.6.1 | Trust: 0.6 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.5.8 | Trust: 0.6 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.5.7 | Trust: 0.6 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.5.6 | Trust: 0.6 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.5.5 | Trust: 0.6 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.5.4 | Trust: 0.6 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.5.3 | Trust: 0.6 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.5.2 | Trust: 0.6 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.5.1 | Trust: 0.6 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.6 | Trust: 0.6 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.5 | Trust: 0.6 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.6.1 | Trust: 0.6 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.5.8 | Trust: 0.6 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.5.7 | Trust: 0.6 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.5.6 | Trust: 0.6 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.5.5 | Trust: 0.6 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.5.4 | Trust: 0.6 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.5.3 | Trust: 0.6 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.5.2 | Trust: 0.6 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.5.1 | Trust: 0.6 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.6 | Trust: 0.6 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.5 | Trust: 0.6 |
| vendor: | apple | model: | mac os server | scope: | ne | version: | x10.6.2 | Trust: 0.6 |
| vendor: | apple | model: | mac os | scope: | ne | version: | x10.6.2 | Trust: 0.6 |
sources:
BID: 36977 //
BID: 36956 //
JVNDB: JVNDB-2009-002334 //
CNNVD: CNNVD-200911-093 //
NVD: CVE-2009-2808
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
VULHUB: VHN-40254 //
JVNDB: JVNDB-2009-002334 //
CNNVD: CNNVD-200911-093 //
NVD: CVE-2009-2808
PROBLEMTYPE DATA
| problemtype: | CWE-310 | Trust: 1.9 |
sources:
VULHUB: VHN-40254 //
JVNDB: JVNDB-2009-002334 //
NVD: CVE-2009-2808
THREAT TYPE
network
Trust: 0.6
sources:
BID: 36977 //
BID: 36956
TYPE
encryption problem
Trust: 0.6
sources:
CNNVD: CNNVD-200911-093
CONFIGURATIONS
sources:
JVNDB: JVNDB-2009-002334
PATCH
| title: | HT3937 | url: | http://support.apple.com/kb/HT3937 | Trust: 0.8 |
| title: | HT3937 | url: | http://support.apple.com/kb/HT3937?viewlocale=ja_JP | Trust: 0.8 |
sources:
JVNDB: JVNDB-2009-002334
EXTERNAL IDS
| db: | NVD | id: | CVE-2009-2808 | Trust: 2.8 |
| db: | VUPEN | id: | ADV-2009-3184 | Trust: 2.5 |
| db: | BID | id: | 36956 | Trust: 2.0 |
| db: | JVNDB | id: | JVNDB-2009-002334 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-200911-093 | Trust: 0.7 |
| db: | APPLE | id: | APPLE-SA-2009-11-09-1 | Trust: 0.6 |
| db: | BID | id: | 36977 | Trust: 0.4 |
| db: | VULHUB | id: | VHN-40254 | Trust: 0.1 |
sources:
VULHUB: VHN-40254 //
BID: 36977 //
BID: 36956 //
JVNDB: JVNDB-2009-002334 //
CNNVD: CNNVD-200911-093 //
NVD: CVE-2009-2808
REFERENCES
| url: | http://www.vupen.com/english/advisories/2009/3184 | Trust: 2.5 |
| url: | http://lists.apple.com/archives/security-announce/2009/nov/msg00000.html | Trust: 1.7 |
| url: | http://www.securityfocus.com/bid/36956 | Trust: 1.7 |
| url: | http://support.apple.com/kb/ht3937 | Trust: 1.7 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2808 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2808 | Trust: 0.8 |
| url: | http://www.apple.com/macosx/ | Trust: 0.6 |
sources:
VULHUB: VHN-40254 //
BID: 36977 //
BID: 36956 //
JVNDB: JVNDB-2009-002334 //
CNNVD: CNNVD-200911-093 //
NVD: CVE-2009-2808
CREDITS
Brian Mastenbrook Regis Duchesne Nicolas Joly
Trust: 0.6
sources:
CNNVD: CNNVD-200911-093
SOURCES
| db: | VULHUB | id: | VHN-40254 |
| db: | BID | id: | 36977 |
| db: | BID | id: | 36956 |
| db: | JVNDB | id: | JVNDB-2009-002334 |
| db: | CNNVD | id: | CNNVD-200911-093 |
| db: | NVD | id: | CVE-2009-2808 |
LAST UPDATE DATE
2025-04-10T21:39:32.634000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-40254 | date: | 2009-11-17T00:00:00 |
| db: | BID | id: | 36977 | date: | 2009-11-10T22:16:00 |
| db: | BID | id: | 36956 | date: | 2009-11-11T20:56:00 |
| db: | JVNDB | id: | JVNDB-2009-002334 | date: | 2009-12-17T00:00:00 |
| db: | CNNVD | id: | CNNVD-200911-093 | date: | 2009-11-10T00:00:00 |
| db: | NVD | id: | CVE-2009-2808 | date: | 2025-04-09T00:30:58.490 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-40254 | date: | 2009-11-10T00:00:00 |
| db: | BID | id: | 36977 | date: | 2009-11-09T00:00:00 |
| db: | BID | id: | 36956 | date: | 2009-11-09T00:00:00 |
| db: | JVNDB | id: | JVNDB-2009-002334 | date: | 2009-12-17T00:00:00 |
| db: | CNNVD | id: | CNNVD-200911-093 | date: | 2009-11-10T00:00:00 |
| db: | NVD | id: | CVE-2009-2808 | date: | 2009-11-10T19:30:01 |