cvelistv5 - cve-2006-0848

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=303382
cve@mitre.org	http://secunia.com/advisories/18963	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1015652	Exploit
cve@mitre.org	http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php	Exploit, Vendor Advisory
cve@mitre.org	http://www.heise.de/english/newsticker/news/69862
cve@mitre.org	http://www.kb.cert.org/vuls/id/999708	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html
cve@mitre.org	http://www.osvdb.org/23510
cve@mitre.org	http://www.securityfocus.com/bid/16736	Exploit
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-053A.html	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-062A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2006/0671	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/24808
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=303382
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18963	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015652	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.heise.de/english/newsticker/news/69862
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/999708	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/23510
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/16736	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-053A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-062A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/0671	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/24808

▼	Vendor	Product
	n/a	n/a

var-200602-0446

Vulnerability from variot

The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension. Apple Safari WebKit component is vulnerable to buffer overflow. Mac OS X of Web browser Safari Contains an arbitrary code execution vulnerability in its default configuration. Safari Now, in the default settings, Resource forks Refer to the file type defined in .If the file type is image / video / compressed file, "Safe" file Will be processed automatically. This allows for crafted files "Safe" file There is a possibility that arbitrary code execution may be executed as a result. Exploit code that exploits this vulnerability has already been published.A remote third party could execute arbitrary code with the privileges of the logged-in user. If a user is logged in with an account with administrator privileges, the resulting vulnerable system could be completely controlled. Commands would be executed in the context of the user opening the archive file. Attackers can reportedly use Safari and Apple Mail as exploitation vectors for this vulnerability. Mac OS X 10.4.5 is reported to be vulnerable. Earlier versions may also be affected. Apple Safari is a web browser bundled with the Apple operating system. There is an issue in Safari's handling of automatic opening of downloaded files.

TITLE: Mac OS X KHTMLParser Denial of Service Weakness

SECUNIA ADVISORY ID: SA18220

VERIFY ADVISORY: http://secunia.com/advisories/18220/

CRITICAL: Not critical

IMPACT: DoS

WHERE:

From remote

OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/

DESCRIPTION: Tom Ferris has discovered a weakness in Mac OS X, which can be exploited by malicious people to cause a DoS (Denial of Service).

The weakness is caused due to an error in the KHTMLParser when parsing certain malformed HTML documents. This can be exploited to crash an application that uses the parser via a specially crafted HTML file. In certain cases, this may cause the system to become unresponsive. Other applications that use the parser may also be affected.

SOLUTION: Do not open or follow links to HTML files from non-trusted sources.

PROVIDED AND/OR DISCOVERED BY: Tom Ferris

ORIGINAL ADVISORY: http://security-protocols.com/advisory/sp-x22-advisory.txt

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200602-0446",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.3.9"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.3.9"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "db": "CERT/CC",
        "id": "VU#999708"
      },
      {
        "db": "BID",
        "id": "16736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000877"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-347"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0848"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000877"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Michael Lehn",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-347"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-0848",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "CVE-2006-0848",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "VHN-16956",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-0848",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#351217",
            "trust": 0.8,
            "value": "17.21"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#999708",
            "trust": 0.8,
            "value": "35.44"
          },
          {
            "author": "NVD",
            "id": "CVE-2006-0848",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200602-347",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-16956",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "db": "CERT/CC",
        "id": "VU#999708"
      },
      {
        "db": "VULHUB",
        "id": "VHN-16956"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000877"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-347"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0848"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The \"Open \u0027safe\u0027 files after downloading\" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension. Apple Safari WebKit component is vulnerable to buffer overflow. Mac OS X of Web browser Safari Contains an arbitrary code execution vulnerability in its default configuration. Safari Now, in the default settings, Resource forks Refer to the file type defined in .If the file type is image / video / compressed file, \"Safe\" file Will be processed automatically. This allows for crafted files \"Safe\" file There is a possibility that arbitrary code execution may be executed as a result. Exploit code that exploits this vulnerability has already been published.A remote third party could execute arbitrary code with the privileges of the logged-in user. If a user is logged in with an account with administrator privileges, the resulting vulnerable system could be completely controlled. Commands would be executed in the context of the user opening the archive file. \nAttackers can reportedly use Safari and Apple Mail as exploitation vectors for this vulnerability. \nMac OS X 10.4.5 is reported to be vulnerable. Earlier versions may also be affected. Apple Safari is a web browser bundled with the Apple operating system. There is an issue in Safari\u0027s handling of automatic opening of downloaded files. \n\nTITLE:\nMac OS X KHTMLParser Denial of Service Weakness\n\nSECUNIA ADVISORY ID:\nSA18220\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18220/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple Macintosh OS X\nhttp://secunia.com/product/96/\n\nDESCRIPTION:\nTom Ferris has discovered a weakness in Mac OS X, which can be\nexploited by malicious people to cause a DoS (Denial of Service). \n\nThe weakness is caused due to an error in the KHTMLParser when\nparsing certain malformed HTML documents. This can be exploited to\ncrash an application that uses the parser via a specially crafted\nHTML file. In certain cases, this may cause the system to become\nunresponsive. Other applications that use the\nparser may also be affected. \n\nSOLUTION:\nDo not open or follow links to HTML files from non-trusted sources. \n\nPROVIDED AND/OR DISCOVERED BY:\nTom Ferris\n\nORIGINAL ADVISORY:\nhttp://security-protocols.com/advisory/sp-x22-advisory.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-0848"
      },
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "db": "CERT/CC",
        "id": "VU#999708"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000877"
      },
      {
        "db": "BID",
        "id": "16736"
      },
      {
        "db": "VULHUB",
        "id": "VHN-16956"
      },
      {
        "db": "PACKETSTORM",
        "id": "42522"
      }
    ],
    "trust": 3.51
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-16956",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-16956"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-0848",
        "trust": 3.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#999708",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "16736",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1015652",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "18963",
        "trust": 2.5
      },
      {
        "db": "USCERT",
        "id": "TA06-053A",
        "trust": 2.5
      },
      {
        "db": "OSVDB",
        "id": "23510",
        "trust": 1.7
      },
      {
        "db": "USCERT",
        "id": "TA06-062A",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-0671",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "24808",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "18220",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "19064",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#351217",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000877",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-347",
        "trust": 0.7
      },
      {
        "db": "CERT/CC",
        "id": "TA06-053A",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "TA06-062A",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "82306",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "16866",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-88754",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-71364",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-16956",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "42522",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "db": "CERT/CC",
        "id": "VU#999708"
      },
      {
        "db": "VULHUB",
        "id": "VHN-16956"
      },
      {
        "db": "BID",
        "id": "16736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000877"
      },
      {
        "db": "PACKETSTORM",
        "id": "42522"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-347"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0848"
      }
    ]
  },
  "id": "VAR-200602-0446",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-16956"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-09-19T21:58:37.672000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "TA23971",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/TA23971"
      },
      {
        "title": "TA23971",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/TA23971?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000877"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-16",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-16956"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0848"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "http://docs.info.apple.com/article.html?artnum=303382"
      },
      {
        "trust": 2.5,
        "url": "http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.heise.de/english/newsticker/news/69862"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/16736"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/999708"
      },
      {
        "trust": 1.7,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-053a.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-062a.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/23510"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1015652"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/18963"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/24808"
      },
      {
        "trust": 1.1,
        "url": "http://docs.info.apple.com/article.html?artnum=303453"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/0671"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24808"
      },
      {
        "trust": 0.9,
        "url": "http://security-protocols.com/advisory/sp-x22-advisory.txt"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/18220/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/19064/"
      },
      {
        "trust": 0.8,
        "url": "http://webkit.opendarwin.org/"
      },
      {
        "trust": 0.8,
        "url": "http://developer.apple.com/documentation/carbon/conceptual/launchservicesconcepts/lscconcepts/chapter_2_section_8.html"
      },
      {
        "trust": 0.8,
        "url": "http://developer.apple.com/technotes/tn/tn2017.html"
      },
      {
        "trust": 0.8,
        "url": "http://developer.apple.com/documentation/mac/moretoolbox/moretoolbox-11.html"
      },
      {
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=108009"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/18963/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0397"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0398"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0399"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/alerts/2006/feb/1015652.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-0848"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-053a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-0848"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/0671"
      },
      {
        "trust": 0.3,
        "url": "http://www.info.apple.com/usen/security/security_updates.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/96/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "db": "CERT/CC",
        "id": "VU#999708"
      },
      {
        "db": "VULHUB",
        "id": "VHN-16956"
      },
      {
        "db": "BID",
        "id": "16736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000877"
      },
      {
        "db": "PACKETSTORM",
        "id": "42522"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-347"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0848"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "db": "CERT/CC",
        "id": "VU#999708"
      },
      {
        "db": "VULHUB",
        "id": "VHN-16956"
      },
      {
        "db": "BID",
        "id": "16736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000877"
      },
      {
        "db": "PACKETSTORM",
        "id": "42522"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-347"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0848"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-03-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "date": "2006-02-21T00:00:00",
        "db": "CERT/CC",
        "id": "VU#999708"
      },
      {
        "date": "2006-02-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-16956"
      },
      {
        "date": "2006-02-21T00:00:00",
        "db": "BID",
        "id": "16736"
      },
      {
        "date": "2009-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000877"
      },
      {
        "date": "2005-12-23T08:37:20",
        "db": "PACKETSTORM",
        "id": "42522"
      },
      {
        "date": "2006-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200602-347"
      },
      {
        "date": "2006-02-22T23:02:00",
        "db": "NVD",
        "id": "CVE-2006-0848"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "date": "2006-12-07T00:00:00",
        "db": "CERT/CC",
        "id": "VU#999708"
      },
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-16956"
      },
      {
        "date": "2016-07-06T14:40:00",
        "db": "BID",
        "id": "16736"
      },
      {
        "date": "2009-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000877"
      },
      {
        "date": "2006-08-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200602-347"
      },
      {
        "date": "2017-07-20T01:30:07.427000",
        "db": "NVD",
        "id": "CVE-2006-0848"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-347"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari WebKit component vulnerable to buffer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "configuration error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-347"
      }
    ],
    "trust": 0.6
  }
}

ghsa-pgr2-c4h8-5r6j

Vulnerability from github

Published

2022-05-01 06:43

Modified

2022-05-01 06:43

Details

The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-0848"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-02-22T23:02:00Z",
    "severity": "MODERATE"
  },
  "details": "The \"Open \u0027safe\u0027 files after downloading\" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.",
  "id": "GHSA-pgr2-c4h8-5r6j",
  "modified": "2022-05-01T06:43:19Z",
  "published": "2022-05-01T06:43:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0848"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24808"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=303382"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18963"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015652"
    },
    {
      "type": "WEB",
      "url": "http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php"
    },
    {
      "type": "WEB",
      "url": "http://www.heise.de/english/newsticker/news/69862"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/999708"
    },
    {
      "type": "WEB",
      "url": "http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/23510"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/16736"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-053A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/0671"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2006-0848

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.

Aliases

CVE-2006-0848

Aliases

CVE-2006-0848

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-0848",
    "description": "The \"Open \u0027safe\u0027 files after downloading\" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.",
    "id": "GSD-2006-0848",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2006-0848"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-0848"
      ],
      "details": "The \"Open \u0027safe\u0027 files after downloading\" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.",
      "id": "GSD-2006-0848",
      "modified": "2023-12-13T01:19:50.144490Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-0848",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The \"Open \u0027safe\u0027 files after downloading\" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "18963",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18963"
          },
          {
            "name": "http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html",
            "refsource": "MISC",
            "url": "http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html"
          },
          {
            "name": "VU#999708",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/999708"
          },
          {
            "name": "16736",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/16736"
          },
          {
            "name": "1015652",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015652"
          },
          {
            "name": "TA06-053A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-053A.html"
          },
          {
            "name": "ADV-2006-0671",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/0671"
          },
          {
            "name": "TA06-062A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"
          },
          {
            "name": "http://www.heise.de/english/newsticker/news/69862",
            "refsource": "MISC",
            "url": "http://www.heise.de/english/newsticker/news/69862"
          },
          {
            "name": "23510",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/23510"
          },
          {
            "name": "http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php",
            "refsource": "MISC",
            "url": "http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=303382",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=303382"
          },
          {
            "name": "macosx-zip-command-execution(24808)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24808"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0848"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The \"Open \u0027safe\u0027 files after downloading\" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-16"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html"
            },
            {
              "name": "http://www.heise.de/english/newsticker/news/69862",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.heise.de/english/newsticker/news/69862"
            },
            {
              "name": "TA06-053A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-053A.html"
            },
            {
              "name": "VU#999708",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/999708"
            },
            {
              "name": "http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php"
            },
            {
              "name": "16736",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/16736"
            },
            {
              "name": "18963",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/18963"
            },
            {
              "name": "1015652",
              "refsource": "SECTRACK",
              "tags": [
                "Exploit"
              ],
              "url": "http://securitytracker.com/id?1015652"
            },
            {
              "name": "23510",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/23510"
            },
            {
              "name": "TA06-062A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"
            },
            {
              "name": "ADV-2006-0671",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0671"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=303382",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=303382"
            },
            {
              "name": "macosx-zip-command-execution(24808)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24808"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-07-20T01:30Z",
      "publishedDate": "2006-02-22T23:02Z"
    }
  }
}

Action not permitted

cve-2006-0848

Vulnerability from cvelistv5

var-200602-0446

Vulnerability from variot

ghsa-pgr2-c4h8-5r6j

Vulnerability from github

gsd-2006-0848

Vulnerability from gsd

Tags