Description
Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option.
References (3)
Core 3
Core References
Exploit, Vendor Advisory x_refsource_misc
http://www.insecure.ws/article.php?story=200405222251133
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16242
Broken Link mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021871.html
Scores
EPSS
0.0668
EPSS Percentile
93.0%
Details
CWE
CWE-88
Status
published
Products (1)
apple/mac_os_x
< 10.3.3
Published
Jul 07, 2004
Tracked Since
Feb 18, 2026