CVE-2012-4284
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
10/01/2020
Last modified:
21/11/2024
Description
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sparklabs:viscosity:1.4.1:*:*:*:*:macos:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.exploit-db.com/exploits/24579
- http://www.securityfocus.com/bid/55002
- https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html
- https://www.sparklabs.com/viscosity/releasenotes/mac/
- http://www.exploit-db.com/exploits/24579
- http://www.securityfocus.com/bid/55002
- https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html
- https://www.sparklabs.com/viscosity/releasenotes/mac/