cvelistv5 - CVE-2007-6165

CVE-2007-6165

Vulnerability from cvelistv5

Published

2007-11-29 01:00

Modified

2024-08-07 15:54

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=307179
cve@mitre.org	http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
cve@mitre.org	http://secunia.com/advisories/27785	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28136	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1019106
cve@mitre.org	http://www.heise-security.co.uk/news/99257	Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/433819	US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/26510	Exploit
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA07-352A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2007/3958	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4238	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=307179
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27785	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28136	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019106
af854a3a-2127-422b-91ae-364da2661108	http://www.heise-security.co.uk/news/99257	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/433819	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26510	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-352A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3958	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4238	Vendor Advisory

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:26.960Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-4238",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4238"
          },
          {
            "name": "TA07-352A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
          },
          {
            "name": "VU#433819",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/433819"
          },
          {
            "name": "28136",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28136"
          },
          {
            "name": "ADV-2007-3958",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3958"
          },
          {
            "name": "1019106",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019106"
          },
          {
            "name": "APPLE-SA-2007-12-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307179"
          },
          {
            "name": "27785",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27785"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.heise-security.co.uk/news/99257"
          },
          {
            "name": "26510",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26510"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed.  NOTE: this is a regression error related to CVE-2006-0395."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-12-21T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-4238",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4238"
        },
        {
          "name": "TA07-352A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
        },
        {
          "name": "VU#433819",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/433819"
        },
        {
          "name": "28136",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28136"
        },
        {
          "name": "ADV-2007-3958",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3958"
        },
        {
          "name": "1019106",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019106"
        },
        {
          "name": "APPLE-SA-2007-12-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307179"
        },
        {
          "name": "27785",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27785"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.heise-security.co.uk/news/99257"
        },
        {
          "name": "26510",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26510"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6165",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed.  NOTE: this is a regression error related to CVE-2006-0395."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-4238",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4238"
            },
            {
              "name": "TA07-352A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
            },
            {
              "name": "VU#433819",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/433819"
            },
            {
              "name": "28136",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28136"
            },
            {
              "name": "ADV-2007-3958",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3958"
            },
            {
              "name": "1019106",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019106"
            },
            {
              "name": "APPLE-SA-2007-12-17",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307179",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=307179"
            },
            {
              "name": "27785",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27785"
            },
            {
              "name": "http://www.heise-security.co.uk/news/99257",
              "refsource": "MISC",
              "url": "http://www.heise-security.co.uk/news/99257"
            },
            {
              "name": "26510",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26510"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6165",
    "datePublished": "2007-11-29T01:00:00",
    "dateReserved": "2007-11-28T00:00:00",
    "dateUpdated": "2024-08-07T15:54:26.960Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-6165\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-11-29T01:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed.  NOTE: this is a regression error related to CVE-2006-0395.\"},{\"lang\":\"es\",\"value\":\"Mail en Apple Mac OS X Leopard (versi\u00f3n 10.5.1), permite a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de un archivo adjunto AppleDouble que contiene un tipo de archivo y un script aparentemente seguros en una bifurcaci\u00f3n de recursos, que no advierte al usuario que un programa separado va a ser ejecutado NOTA: este es un error de regresi\u00f3n relacionado con CVE-2006-0395.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2442D35-7484-43D8-9077-3FDF63104816\"}]}]}],\"references\":[{\"url\":\"http://docs.info.apple.com/article.html?artnum=307179\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27785\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28136\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1019106\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.heise-security.co.uk/news/99257\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/433819\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/26510\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-352A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/3958\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/4238\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://docs.info.apple.com/article.html?artnum=307179\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27785\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28136\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1019106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.heise-security.co.uk/news/99257\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/433819\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/26510\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-352A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/3958\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/4238\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

ghsa-9gxh-58f6-h4hh

Vulnerability from github

Published

2022-05-01 18:40

Modified

2022-05-01 18:40

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-6165"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-11-29T01:46:00Z",
    "severity": "HIGH"
  },
  "details": "Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed.  NOTE: this is a regression error related to CVE-2006-0395.",
  "id": "GHSA-9gxh-58f6-h4hh",
  "modified": "2022-05-01T18:40:07Z",
  "published": "2022-05-01T18:40:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6165"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=307179"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27785"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28136"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1019106"
    },
    {
      "type": "WEB",
      "url": "http://www.heise-security.co.uk/news/99257"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/433819"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26510"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3958"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/4238"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395. Apple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Mac OS X In this file system, a file consists of information called resource fork and data fork. RFC 1740 So, to handle this file structure by email MIME format (AppleSingle format, AppleDoube format ) Is defined. Apple Mail Is AppleDouble Parses resource forks when processing format attachments. This issue affects the Mail application when handling email attachments. This will compromise the application and possibly the underlying operating system. This issue affects Mac OS X 10.5. Although the issues seem similar in nature, this may not be the very same underlying vulnerability. We will update this BID as more information emerges. UPDATE (November 21, 2007): Reports indicate that this issue occurs because of an error in the application's quarantine feature. We have not confirmed this information. UPDATE (December 17, 2007): This vulnerability stems from an unspecified implementation issue in the Launch Services application. http://www.securityfocus.com/bid/16907. Apple Mail is the mail client bundled with the Apple operating system. If the user is logged on with administrative privileges, the attacker could take complete control of an affected system. Solution

Since there is no known patch for this issue at this time, US-CERT is recommending a workaround.

Workaround

Disable "Open 'safe' files after downloading"

Disable the option to "Open 'safe' files after downloading," as specified in the document "Securing Your Web Browser."

Appendix A. Impacts of other vulnerabilities include bypassing security restrictions and denial of service.

I. As further information becomes available, we will publish individual Vulnerability Notes. In addition, more information about VU#999708 is available in US-CERT Technical Cyber Security Alert TA06-053A.

II. Impact

The impacts of these vulnerabilities vary.

III. Solution

Install an update

Install the update as described in Apple Security Update 2006-001. In addition, this update is available via Apple Update.

Appendix A. Please send email to cert@cert.org with "TA06-062A Feedback VU#351217" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2006 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

March 3, 2006: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRAiYnH0pj593lg50AQIdzggAxPbhEKlYyJUdTNqDBGSI+GAQ2oRY9WFx i+2yy5B34IvwyWt04Wb9PxgbCeWHbw9zc8X5xRPZEA/nVQWX/nnz20Tnap8ZRZUC bqlzo9pz2P+TOm3SBKUlZ+Rl0xTUTBJus78oiczzLu/Fy1oB8obC3qfwNDdrykXc i2MupUdRbZ5azrzDmzJGZktpVwJjM9UbXypbwsa1vg5+pAcRf4N0939kcjBML6LH B1jKz3PF0DLX/THj0sAq5PwiE82jCtop1hpD8zVWJOLGX1lbxhcHVLbiFiKaaF7u lKvIAf6ec9h+MQDwAnuA2uaYaQSwofCiWdOPAlueMzq23Ultlinz4g== =5Ooe -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200711-0064",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.5 mounted on  apple mail"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "db": "CERT/CC",
        "id": "VU#433819"
      },
      {
        "db": "CERT/CC",
        "id": "VU#176732"
      },
      {
        "db": "BID",
        "id": "26510"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6165"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "heise Security",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-6165",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2007-6165",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-29527",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-6165",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#351217",
            "trust": 0.8,
            "value": "17.21"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#433819",
            "trust": 0.8,
            "value": "9.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#176732",
            "trust": 0.8,
            "value": "17.21"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-6165",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200711-390",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-29527",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "db": "CERT/CC",
        "id": "VU#433819"
      },
      {
        "db": "CERT/CC",
        "id": "VU#176732"
      },
      {
        "db": "VULHUB",
        "id": "VHN-29527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6165"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed.  NOTE: this is a regression error related to CVE-2006-0395. Apple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Mac OS X In this file system, a file consists of information called resource fork and data fork. RFC 1740 So, to handle this file structure by email MIME format (AppleSingle format, AppleDoube format ) Is defined. Apple Mail Is AppleDouble Parses resource forks when processing format attachments. This issue affects the Mail application when handling email attachments. This will compromise the application and possibly the underlying operating system. \nThis issue affects Mac OS X 10.5. Although the issues seem similar in nature, this may not be the very same  underlying vulnerability. We will update this BID as more information emerges. \nUPDATE (November 21, 2007): Reports indicate that this issue occurs because of an error in the application\u0027s quarantine feature. We have not confirmed this information. \nUPDATE (December 17, 2007): This vulnerability stems from an unspecified implementation issue in the Launch Services application. \nhttp://www.securityfocus.com/bid/16907. Apple Mail is the mail client bundled with the Apple operating system. If the user is logged\n   on with administrative privileges, the attacker could take complete\n   control of an affected system. Solution\n\n   Since there is no known patch for this issue at this time, US-CERT is\n   recommending a workaround. \n\nWorkaround\n\nDisable \"Open \u0027safe\u0027 files after downloading\"\n\n   Disable the option to \"Open \u0027safe\u0027 files after downloading,\" as\n   specified in the document \"Securing Your Web Browser.\"\n\n\nAppendix A. Impacts of\n   other vulnerabilities include bypassing security restrictions and\n   denial of service. \n\n\nI. As further information becomes\n   available, we will publish individual Vulnerability Notes. In\n   addition, more information about VU#999708 is available in US-CERT\n   Technical Cyber Security Alert TA06-053A. \n\n\nII. Impact\n\n   The impacts of these vulnerabilities vary. \n\n\nIII. Solution\n\nInstall an update\n\n   Install the update as described in Apple Security Update 2006-001. In\n   addition, this update is available via Apple Update. \n\n\nAppendix A. Please send\n   email to \u003ccert@cert.org\u003e with \"TA06-062A Feedback VU#351217\" in the\n   subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2006 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n   March 3, 2006: Initial release\n  \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRAiYnH0pj593lg50AQIdzggAxPbhEKlYyJUdTNqDBGSI+GAQ2oRY9WFx\ni+2yy5B34IvwyWt04Wb9PxgbCeWHbw9zc8X5xRPZEA/nVQWX/nnz20Tnap8ZRZUC\nbqlzo9pz2P+TOm3SBKUlZ+Rl0xTUTBJus78oiczzLu/Fy1oB8obC3qfwNDdrykXc\ni2MupUdRbZ5azrzDmzJGZktpVwJjM9UbXypbwsa1vg5+pAcRf4N0939kcjBML6LH\nB1jKz3PF0DLX/THj0sAq5PwiE82jCtop1hpD8zVWJOLGX1lbxhcHVLbiFiKaaF7u\nlKvIAf6ec9h+MQDwAnuA2uaYaQSwofCiWdOPAlueMzq23Ultlinz4g==\n=5Ooe\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-6165"
      },
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "db": "CERT/CC",
        "id": "VU#433819"
      },
      {
        "db": "CERT/CC",
        "id": "VU#176732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      },
      {
        "db": "BID",
        "id": "26510"
      },
      {
        "db": "VULHUB",
        "id": "VHN-29527"
      },
      {
        "db": "PACKETSTORM",
        "id": "44162"
      },
      {
        "db": "PACKETSTORM",
        "id": "44362"
      }
    ],
    "trust": 4.32
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-29527",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29527"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "27785",
        "trust": 3.3
      },
      {
        "db": "CERT/CC",
        "id": "VU#433819",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6165",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "26510",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA07-352A",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "28136",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-4238",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-3958",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1019106",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "19064",
        "trust": 1.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#351217",
        "trust": 0.9
      },
      {
        "db": "USCERT",
        "id": "TA06-062A",
        "trust": 0.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#176732",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "18220",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA07-352A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "TA07-352A",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2007-12-17",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-390",
        "trust": 0.6
      },
      {
        "db": "USCERT",
        "id": "TA06-053A",
        "trust": 0.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#999708",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-84148",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "30781",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "16870",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-29527",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "44162",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "44362",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "db": "CERT/CC",
        "id": "VU#433819"
      },
      {
        "db": "CERT/CC",
        "id": "VU#176732"
      },
      {
        "db": "VULHUB",
        "id": "VHN-29527"
      },
      {
        "db": "BID",
        "id": "26510"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      },
      {
        "db": "PACKETSTORM",
        "id": "44162"
      },
      {
        "db": "PACKETSTORM",
        "id": "44362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6165"
      }
    ]
  },
  "id": "VAR-200711-0064",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29527"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-09-19T21:12:19.466000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Update 2007-009",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307179-en"
      },
      {
        "title": "Security Update 2007-009",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307179-ja"
      },
      {
        "title": "TA07-352A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta07-352a.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6165"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/26510"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta07-352a.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/433819"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/27785"
      },
      {
        "trust": 2.4,
        "url": "http://docs.info.apple.com/article.html?artnum=303382"
      },
      {
        "trust": 2.0,
        "url": "http://www.heise-security.co.uk/news/99257"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2007/dec/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://docs.info.apple.com/article.html?artnum=307179"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1019106"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/28136"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/19064/"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2007/3958"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/3958"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/4238"
      },
      {
        "trust": 0.8,
        "url": "http://security-protocols.com/advisory/sp-x22-advisory.txt"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/18220/"
      },
      {
        "trust": 0.8,
        "url": "http://webkit.opendarwin.org/"
      },
      {
        "trust": 0.8,
        "url": "http://www.heise-security.co.uk/news/99257 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/27785/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-062a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cert.org/homeusers/email-attachments.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.apple.com/macosx/features/mail.html"
      },
      {
        "trust": 0.8,
        "url": "http://tools.ietf.org/html/rfc1740"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6165"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2007/wr074701.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta07-352a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23433819/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta07-352a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-6165"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa07-352a.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/4238"
      },
      {
        "trust": 0.3,
        "url": "http://software.cisco.com/download/navigator.html?mdfid=283613663"
      },
      {
        "trust": 0.3,
        "url": "http://www.heise-security.co.uk/services/emailcheck/demos/go.shtml?mail=apple"
      },
      {
        "trust": 0.2,
        "url": "http://www.kb.cert.org/vuls/id/999708\u003e"
      },
      {
        "trust": 0.2,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-053a.html\u003e"
      },
      {
        "trust": 0.2,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.2,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/macosx/features/safari/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/#sgeneral\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/176732\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-062a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/351217\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/#safari\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=303382\u003e"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "db": "CERT/CC",
        "id": "VU#433819"
      },
      {
        "db": "CERT/CC",
        "id": "VU#176732"
      },
      {
        "db": "VULHUB",
        "id": "VHN-29527"
      },
      {
        "db": "BID",
        "id": "26510"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      },
      {
        "db": "PACKETSTORM",
        "id": "44162"
      },
      {
        "db": "PACKETSTORM",
        "id": "44362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6165"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "db": "CERT/CC",
        "id": "VU#433819"
      },
      {
        "db": "CERT/CC",
        "id": "VU#176732"
      },
      {
        "db": "VULHUB",
        "id": "VHN-29527"
      },
      {
        "db": "BID",
        "id": "26510"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      },
      {
        "db": "PACKETSTORM",
        "id": "44162"
      },
      {
        "db": "PACKETSTORM",
        "id": "44362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6165"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-03-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "date": "2007-11-27T00:00:00",
        "db": "CERT/CC",
        "id": "VU#433819"
      },
      {
        "date": "2006-03-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#176732"
      },
      {
        "date": "2007-11-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-29527"
      },
      {
        "date": "2007-11-20T00:00:00",
        "db": "BID",
        "id": "26510"
      },
      {
        "date": "2007-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      },
      {
        "date": "2006-02-26T03:08:24",
        "db": "PACKETSTORM",
        "id": "44162"
      },
      {
        "date": "2006-03-06T09:45:32",
        "db": "PACKETSTORM",
        "id": "44362"
      },
      {
        "date": "2007-11-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      },
      {
        "date": "2007-11-29T01:46:00",
        "db": "NVD",
        "id": "CVE-2007-6165"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "date": "2007-11-27T00:00:00",
        "db": "CERT/CC",
        "id": "VU#433819"
      },
      {
        "date": "2006-03-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#176732"
      },
      {
        "date": "2011-10-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-29527"
      },
      {
        "date": "2007-12-18T20:06:00",
        "db": "BID",
        "id": "26510"
      },
      {
        "date": "2007-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      },
      {
        "date": "2007-11-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      },
      {
        "date": "2011-10-06T04:00:00",
        "db": "NVD",
        "id": "CVE-2007-6165"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "44162"
      },
      {
        "db": "PACKETSTORM",
        "id": "44362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari WebKit component vulnerable to buffer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      }
    ],
    "trust": 0.6
  }
}

gsd-2007-6165

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-6165

Aliases

CVE-2007-6165

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-6165",
    "description": "Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed.  NOTE: this is a regression error related to CVE-2006-0395.",
    "id": "GSD-2007-6165",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2007-6165"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-6165"
      ],
      "details": "Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed.  NOTE: this is a regression error related to CVE-2006-0395.",
      "id": "GSD-2007-6165",
      "modified": "2023-12-13T01:21:39.083846Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-6165",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed.  NOTE: this is a regression error related to CVE-2006-0395."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-4238",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/4238"
          },
          {
            "name": "TA07-352A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
          },
          {
            "name": "VU#433819",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/433819"
          },
          {
            "name": "28136",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28136"
          },
          {
            "name": "ADV-2007-3958",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3958"
          },
          {
            "name": "1019106",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1019106"
          },
          {
            "name": "APPLE-SA-2007-12-17",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=307179",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=307179"
          },
          {
            "name": "27785",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27785"
          },
          {
            "name": "http://www.heise-security.co.uk/news/99257",
            "refsource": "MISC",
            "url": "http://www.heise-security.co.uk/news/99257"
          },
          {
            "name": "26510",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26510"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6165"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed.  NOTE: this is a regression error related to CVE-2006-0395."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                },
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.heise-security.co.uk/news/99257",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.heise-security.co.uk/news/99257"
            },
            {
              "name": "VU#433819",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/433819"
            },
            {
              "name": "26510",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/26510"
            },
            {
              "name": "27785",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27785"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307179",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=307179"
            },
            {
              "name": "APPLE-SA-2007-12-17",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
            },
            {
              "name": "TA07-352A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
            },
            {
              "name": "1019106",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1019106"
            },
            {
              "name": "28136",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28136"
            },
            {
              "name": "ADV-2007-4238",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/4238"
            },
            {
              "name": "ADV-2007-3958",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3958"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2011-10-06T04:00Z",
      "publishedDate": "2007-11-29T01:46Z"
    }
  }
}

Action not permitted

CVE-2007-6165

Vulnerability from cvelistv5

ghsa-9gxh-58f6-h4hh

Vulnerability from github

var-200711-0064

Vulnerability from variot

gsd-2007-6165

Vulnerability from gsd

Tags