Mac OS X iChat Link Handling Arbitrary Command Execution (Security Update 2004-09-16)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a Mac OS X update that fixes a security
issue.

Description :

The remote host is missing Security Update 2004-09-16.

This security update is for iChat. There is a bug in older versions
of iChat where an attacker may execute commands on the local system
by sending malformed links which will execute local commands to an
iChat user on the remote host.

See also :

http://www.nessus.org/u?210abeb5

Solution :

Install Security Update 2004-09-16.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 14768 (macosx_SecUpd20040916.nasl)

Bugtraq ID: 11207

CVE ID: CVE-2004-0873