Vulnerability Name: CVE-2006-0399 (CCN-25269)
Assigned: 2006-03-13
Published: 2006-03-13
Updated: 2017-07-20
Summary: Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. Note: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. Per Hyperlink Record 894671: Safari could automatically open a file which appears to be a safe file type, such as an image or movie, but is actually an application.
CVSS v3 Severity:
9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity:
7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-94
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2006-0397
Source: MITRE Type: CNA CVE-2006-0398
Source: MITRE Type: CNA CVE-2006-0399
Source: CCN Type: Apple Security Update 2006-002 About Security Update 2006-002
Source: CONFIRM Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=303453
Source: APPLE Type: UNKNOWN APPLE-SA-2006-03-13
Source: CCN Type: SA19129 Mac OS X Security Update Fixes Multiple Vulnerabilities
Source: SECUNIA Type: Patch, Vendor Advisory 19129
Source: CCN Type: SECTRACK ID: 1015760 Apple Safari `Safe` File Type Processing Flaw May Let Remote Users Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1015760
Source: CCN Type: Apple Web site Apple - Support - Downloads
Source: OSVDB Type: UNKNOWN 23871
Source: CCN Type: OSVDB ID: 23869 Apple Safari Safe File Type Bypass Variation
Source: CCN Type: OSVDB ID: 23870 Apple Mac OS X LaunchServices Safe File Type Bypass
Source: CCN Type: OSVDB ID: 23871 Apple Mac OS X CoreTypes Safe File Type Bypass
Source: VUPEN Type: UNKNOWN ADV-2006-0949
Source: CCN Type: IBM Internet Security Systems X-Force Database Apple Mac OS X _MACOSX ZIP archive shell command execution
Source: XF Type: UNKNOWN macosx-safefiletype-command-execution(25269)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable