CVE-2008-2309

CVE-2008-2309 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.

Learn more about our User Device Pen Test.