Mac OS X iChat Link Handling Arbitrary Command Execution (Security Update 2004-09-16)

Medium Nessus Plugin ID 14768


The remote host is missing a Mac OS X update that fixes a security issue.


The remote host is missing Security Update 2004-09-16.

This security update is for iChat. There is a bug in older versions of iChat where an attacker may execute commands on the local system by sending malformed links which will execute local commands to an iChat user on the remote host.


Install Security Update 2004-09-16.

See Also

Plugin Details

Severity: Medium

ID: 14768

File Name: macosx_SecUpd20040916.nasl

Version: $Revision: 1.13 $

Type: local

Agent: macosx

Published: 2004/09/17

Modified: 2013/03/05

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Required KB Items: Host/MacOSX/packages

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2004/09/16

Vulnerability Publication Date: 2004/09/16

Reference Information

CVE: CVE-2004-0873

BID: 11207

OSVDB: 10007