| Vulnerability Name: | CVE-2005-1723 (CCN-20951) | ||||||||
| Assigned: | 2005-06-08 | ||||||||
| Published: | 2005-06-08 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to the database of unsafe types, which could allow attackers to bypass intended restrictions. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: MITRE Type: CNA CVE-2005-1723 Source: CCN Type: Apple Web site Technical Note TN2017 Source: CCN Type: AppleCare Knowledge Base Document 301742 About Security Update 2005-006 Source: APPLE Type: Patch, Vendor Advisory APPLE-SA-2005-06-08 Source: CCN Type: SECTRACK ID: 1014141 Apple LaunchServices Lets Remote Users Bypass the File Dowload Dialog Source: SECTRACK Type: UNKNOWN 1014141 Source: CCN Type: OSVDB ID: 17270 Apple Mac OS X LaunchServices Unsafe Mime Type Database Check Bypass Source: CCN Type: BID-13899 Apple Mac OS X Security Update 2005-006 Multiple Vulnerabilities Source: XF Type: UNKNOWN apple-launchservices-bypass(20951) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||