CVE-2006-3504

The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
http://secunia.com/advisories/21253
http://www.osvdb.org/27743
http://www.securityfocus.com/bid/19289
http://www.us-cert.gov/cas/techalerts/TA06-214A.html	US Government Resource
http://www.vupen.com/english/advisories/2006/3101
https://exchange.xforce.ibmcloud.com/vulnerabilities/28146

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:mac_os_x_server:10.4.7:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.7:::::::*

Information

Published : 2006-08-02 18:04

Updated : 2017-07-19 18:32

NVD link : CVE-2006-3504

Mitre link : CVE-2006-3504

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

apple

mac_os_x
mac_os_x_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html", "name": "APPLE-SA-2006-08-01", "tags": [], "refsource": "APPLE"}, {"url": "http://secunia.com/advisories/21253", "name": "21253", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/27743", "name": "27743", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/bid/19289", "name": "19289", "tags": [], "refsource": "BID"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html", "name": "TA06-214A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "http://www.vupen.com/english/advisories/2006/3101", "name": "ADV-2006-3101", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28146", "name": "macosx-launchservices-script-execution(28146)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as \"safe\", which could allow attackers to execute Javascript code in local context when the \"Open 'safe' files after downloading\" option is enabled in Safari."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3504", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": true}}, "publishedDate": "2006-08-03T01:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:32Z"}