CVE-2013-3667

EUVD-2013-3600
The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform "tampering or corruption" of the updates.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
barebonestextwrangler
𝑥
≤ 4.5.2
barebonestextwrangler
2.3
barebonestextwrangler
3.0
barebonestextwrangler
3.1
barebonestextwrangler
3.5
barebonestextwrangler
3.5.1
barebonestextwrangler
3.5.3
barebonestextwrangler
4.0
barebonestextwrangler
4.0.1
barebonestextwrangler
4.5
barebonestextwrangler
4.5.1
barebonesbbedit
𝑥
≤ 10.5.4
barebonesbbedit
10.0
barebonesbbedit
10.0.1
barebonesbbedit
10.1
barebonesbbedit
10.1.1
barebonesbbedit
10.1.2
barebonesbbedit
10.5
barebonesbbedit
10.5.1
barebonesbbedit
10.5.2
barebonesbbedit
10.5.3
barebonesyojimbo
𝑥
≤ 3.0.4
barebonesyojimbo
1.4
barebonesyojimbo
1.4.1
barebonesyojimbo
1.4.2
barebonesyojimbo
1.5
barebonesyojimbo
1.5.1
barebonesyojimbo
1.5.2
barebonesyojimbo
2.0
barebonesyojimbo
2.1
barebonesyojimbo
2.2
barebonesyojimbo
3.0
barebonesyojimbo
3.0.1
barebonesyojimbo
3.0.2
barebonesyojimbo
3.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.barebones.com/support/bbedit/arch_bbedit1055.html
http://www.barebones.com/support/textwrangler/notes_tw453.html
http://www.barebones.com/support/yojimbo/arch_yojimbo40.html
https://groups.google.com/forum/#%21msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ
http://www.barebones.com/support/bbedit/arch_bbedit1055.html
http://www.barebones.com/support/textwrangler/notes_tw453.html
http://www.barebones.com/support/yojimbo/arch_yojimbo40.html
https://groups.google.com/forum/#%21msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ