Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   OS (Mac)  >   LaunchServices Vendors:   Apple
Apple Mac OS X LaunchServices Component May Let Remote Users Register and Execute Applications
SecurityTracker Alert ID:  1010414
SecurityTracker URL:
CVE Reference:   CVE-2004-0538   (Links to External Site)
Date:  Jun 7 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Mac OS X 10.2.8, 10.3.4
Description:   A vulnerability was reported in Apple's Mac OS X in LaunchServices. A remote user may be able to cause the target user to run certain applications.

Apple reported that a remote user may be able to cause LaunchServices to register an application and subsequently cause the application to run.

Impact:   A remote user may be able to cause an application to run on the target user's system.
Solution:   Apple has issued a fix as part of Security Update 2004-06-07 for Mac OS X 10.3.4 (Panther) and 10.2.8 (Jaguar). Software updates for Mac OS X are available via:

- Software Update preferences

- Apple Downloads:

Vendor URL: (Links to External Site)
Cause:   Access control error

Message History:   None.

 Source Message Contents

Subject:  CVE: CVE-2004-0538

 > Security Update 2004-06-07 (Mac OS X 10.3.4 and 10.2.8)

 > Security Update 2004-06-07 is available for the following system versions:
 > - Mac OS X v10.3.4 "Panther"
 > - Mac OS X Server v10.3.4 "Panther"
 > - Mac OS X v10.2.8 "Jaguar"
 > - Mac OS X Server v10.2.8 "Jaguar"

 > LaunchServices
 > CVE-ID: CAN-2004-0538
 > Impact: LaunchServices automatically registers applications, which could be used to
 > cause the system to run unexpected applications.
 > Discussion: LaunchServices is a system component that discovers and opens applications.
 > This system component has been modified to only open applications that have previously
 > been explicitly run on the system. Attempts to run an application that has not
 > previously been explicitly run will result in a user alert. Further information is
 > available in this article.


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC