Early Access — Mondoo Vulnerability Intelligence is currently in preview.
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
Exploitability
AV:NAC:MAu:NImpact
C:PI:PA:P6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P