Calendar Alarm Processing Flaw in iCal on Mac OS X
CVE-2004-1021

Currently unrated

Key Information:

Vendor: Apple
Status: Ical
Vendor: CVE Published:; 1 March 2005

What is CVE-2004-1021?

Prior versions of iCal, particularly those before 1.5.4 running on Mac OS X 10.2.3 and subsequent versions, lack proper user notifications when calendars with alarms are handled. This design oversight permits attackers to leverage alarm functionalities to execute arbitrary programs or send emails without the user's consent, posing a significant security risk.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/18209

vdb-entryx_refsource_XF

http://lists.apple.com/archives/security-announce//2004/N...

vendor-advisoryx_refsource_APPLE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2005
Vulnerability Reserved
Nov 4, 2004

Apple

What is CVE-2004-1021?

References

Timeline