var-200510-0403
Vulnerability from variot

Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image. Apple QuickTime fails to properly handle JPEG images. Apple QuickTime has multiple vulnerabilities. For more information, see the information provided by the vendor. These issues affect both Mac OS X and Microsoft Windows releases of the software. Successful exploits will result in the execution of arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely cause denial-of-service conditions. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.

 * CVE-2006-1461: An attacker can create a specially crafted Flash movie to trigger a buffer overflow, resulting in arbitrary command execution with user privileges or denial of service.
 * CVE-2006-1462, CVE-2006-1463: An attacker can create a specially crafted H.264 movie to trigger an integer overflow or buffer overflow, resulting in arbitrary command execution with user privileges or denial of service.
 * CVE-2006-1464: An attacker can create a specially crafted MPEG4 movie to trigger a buffer overflow, resulting in arbitrary command execution with user privileges or denial of service.
 * CVE-2006-1465: An attacker can create a specially crafted AVI movie to trigger a buffer overflow, resulting in arbitrary command execution with user privileges or denial of service.
 * CVE-2006-1453, CVE-2006-1454: QuickDraw has two vulnerabilities when processing malformed PICT files. Malformed font information may cause a stack overflow, and malformed graphics data may cause a heap overflow. An attacker can create specially crafted PICT graphics.
 * CVE-2006-2238: An attacker can create a specially crafted BMP graphic to trigger a buffer overflow, causing arbitrary commands to be executed with user privileges or denial of service.

                    National Cyber Alert System

             Technical Cyber Security Alert TA06-132A

Apple Mac Products Affected by Multiple Vulnerabilities

Original release date: May 12, 2006
Last revised: --
Source: US-CERT

Systems Affected

 * Apple Mac OS X version 10.3.9 (Panther) and version 10.4.6 (Tiger)
 * Apple Mac OS X Server version 10.3.9 and version 10.4.6
 * Apple Safari web browser
 * Apple Mail

Previous versions of Mac OS X may also be affected. Please see Apple Security Update 2006-003 for further information. Impacts of other vulnerabilities include bypassing security restrictions and denial of service.

I. Further details are available in the individual Vulnerability Notes.

II. Impact

The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes.

III. Solution

Install an update

Install Apple Security Update 2006-003. This and other updates are available via Apple Update.

Disable "Open 'safe' files after downloading"

For additional protection, disable the option to "Open 'safe' files after downloading," as specified in "Securing Your Web Browser."

Appendix A. References

 * Securing Your Web Browser -
   <http://www.us-cert.gov/reading_room/securing_browser/#Safari>

 * Apple Security Update 2006-003 -
   <http://docs.info.apple.com/article.html?artnum=303737>

 * Mac OS X: Updating your software -
   <http://docs.info.apple.com/article.html?artnum=106704>

These vulnerabilities were reported in Apple Security Update 2006-003. Please see the Vulnerability Notes for individual reporter acknowledgements.


The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA06-132A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-132A Feedback VU#519473" in the subject.




Produced 2006 by US-CERT, a government organization.

Terms of use:

 <http://www.us-cert.gov/legal.html>

Revision History

May 12, 2006: Initial release



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200510-0403",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ruby",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "quicktime",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "quicktime player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#160012"
      },
      {
        "db": "CERT/CC",
        "id": "VU#289705"
      },
      {
        "db": "BID",
        "id": "17953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000965"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-060"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1458"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apple:quicktime",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000965"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mike PriceATmaCA  atmaca@atmacasoft.com http://www.zerodayinitiative.com/ Sowhat  smaillist@gmail.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-060"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-1458",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "CVE-2006-1458",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "VHN-17566",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-1458",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#160012",
            "trust": 0.8,
            "value": "2.57"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#289705",
            "trust": 0.8,
            "value": "17.71"
          },
          {
            "author": "NVD",
            "id": "CVE-2006-1458",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200510-060",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-17566",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#160012"
      },
      {
        "db": "CERT/CC",
        "id": "VU#289705"
      },
      {
        "db": "VULHUB",
        "id": "VHN-17566"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000965"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-060"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1458"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image. Apple QuickTime fails to properly handle JPEG images. Apple Quicktime Has multiple vulnerabilities. For more information, see the information provided by the vendor. These issues affect both Mac OS X and Microsoft Windows releases of the software. \nSuccessful exploits will result in the execution of arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely cause denial-of-service conditions. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. CVE-2006-1461 An attacker can create a specially crafted Flash movie to trigger a buffer overflow, resulting in arbitrary command execution with user privileges or denial of service. CVE-2006-1462, CVE-2006-1463 An attacker can create a specially crafted H.264 movie to trigger integer overflow or buffer overflow, resulting in arbitrary command execution with user privileges or denial of service. CVE-2006-1464 An attacker can create a specially crafted MPEG4 movie to trigger a buffer overflow, resulting in arbitrary command execution or denial of service with user privileges. CVE-2006-1465 An attacker can create a specially crafted AVI movie to trigger a buffer overflow, resulting in arbitrary command execution or denial of service with user privileges. CVE-2006-1453, CVE-2006-1454 QuickDraw has two vulnerabilities when processing malformed PICT files. Malformed font information may cause stack overflow, and malformed graphics data may cause heap overflow. An attacker can create specially crafted PICT graphics. CVE-2006-2238 An attacker can create a specially crafted BMP graphic to trigger a buffer overflow, causing arbitrary commands to be executed with user privileges or denial of service. 
\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n\n                        National Cyber Alert System\n\n                 Technical Cyber Security Alert TA06-132A\n\n\nApple Mac Products Affected by Multiple Vulnerabilities\n\n   Original release date: May 12, 2006\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Apple Mac OS X version 10.3.9 (Panther) and version 10.4.6 (Tiger)\n     * Apple Mac OS X Server version 10.3.9 and version 10.4.6\n     * Apple Safari web browser\n     * Apple Mail\n\n   Previous versions of Mac OS X may also be affected. Please see Apple\n   Security Update 2006-003 for further information. \n   Impacts of other vulnerabilities include bypassing security\n   restrictions and denial of service. \n\n\nI. Further details are available in the individual\n   Vulnerability Notes. \n\n\nII. Impact\n\n   The impacts of these vulnerabilities vary. For information about\n   specific impacts, please see the Vulnerability Notes. \n\n\nIII. Solution\n\nInstall an update\n\n   Install Apple Security Update 2006-003. This and other updates are\n   available via Apple Update. \n\nDisable \"Open \u0027safe\u0027 files after downloading\"\n\n   For additional protection, disable the option to \"Open \u0027safe\u0027 files\n   after downloading,\" as specified in \"Securing Your Web Browser.\"\n\n\nAppendix A. References\n\n     * Securing Your Web Browser -\n       \u003chttp://www.us-cert.gov/reading_room/securing_browser/#Safari\u003e\n\n     * Apple Security Update 2006-003 -\n       \u003chttp://docs.info.apple.com/article.html?artnum=303737\u003e\n\n     * Mac OS X: Updating your software -\n       \u003chttp://docs.info.apple.com/article.html?artnum=106704\u003e\n\n\n ____________________________________________________________________\n\n   These vulnerabilities were reported in Apple Security Update 2006-003. \n   Please see the Vulnerability Notes for individual reporter\n   acknowledgements. 
\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA06-132A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA06-132A Feedback VU#519473\" in the\n   subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2006 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n   May 12, 2006: Initial release\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-1458"
      },
      {
        "db": "CERT/CC",
        "id": "VU#160012"
      },
      {
        "db": "CERT/CC",
        "id": "VU#289705"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000965"
      },
      {
        "db": "BID",
        "id": "17953"
      },
      {
        "db": "VULHUB",
        "id": "VHN-17566"
      },
      {
        "db": "PACKETSTORM",
        "id": "46436"
      }
    ],
    "trust": 3.51
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-1458",
        "trust": 2.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#289705",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "17953",
        "trust": 2.2
      },
      {
        "db": "SECUNIA",
        "id": "20069",
        "trust": 1.9
      },
      {
        "db": "USCERT",
        "id": "TA06-132B",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1016067",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "16904",
        "trust": 1.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#160012",
        "trust": 1.4
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-1778",
        "trust": 1.1
      },
      {
        "db": "XF",
        "id": "26391",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000965",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-060",
        "trust": 0.7
      },
      {
        "db": "USCERT",
        "id": "TA06-132A",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "17094",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "17147",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "17129",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "20077",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "17098",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "19130",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "17285",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-860",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-862",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-864",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2006-05-11",
        "trust": 0.6
      },
      {
        "db": "SECTRACK",
        "id": "1014948",
        "trust": 0.6
      },
      {
        "db": "SUSE",
        "id": "SUSE-SR:2006:005",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "17951",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "14909",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "22360",
        "trust": 0.6
      },
      {
        "db": "GENTOO",
        "id": "GLSA-200510-05",
        "trust": 0.6
      },
      {
        "db": "SREASON",
        "id": "59",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "TA06-132A",
        "trust": 0.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-1779",
        "trust": 0.6
      },
      {
        "db": "MANDRIVA",
        "id": "MDKSA-2005:191",
        "trust": 0.6
      },
      {
        "db": "UBUNTU",
        "id": "USN-195-1",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2005:799",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-17566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "46436",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#160012"
      },
      {
        "db": "CERT/CC",
        "id": "VU#289705"
      },
      {
        "db": "VULHUB",
        "id": "VHN-17566"
      },
      {
        "db": "BID",
        "id": "17953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000965"
      },
      {
        "db": "PACKETSTORM",
        "id": "46436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-060"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1458"
      }
    ]
  },
  "id": "VAR-200510-0403",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17566"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-09-19T21:28:03.391000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "TA24130",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/TA24130"
      },
      {
        "title": "TA24130",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/TA24130?viewlocale=ja_JP"
      },
      {
        "title": "TA06-132B",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta06-132b.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000965"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-189",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17566"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1458"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/17953"
      },
      {
        "trust": 1.9,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-132b.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.kb.cert.org/vuls/id/289705"
      },
      {
        "trust": 1.9,
        "url": "http://securitytracker.com/id?1016067"
      },
      {
        "trust": 1.9,
        "url": "http://secunia.com/advisories/20069"
      },
      {
        "trust": 1.4,
        "url": "http://www.ruby-lang.org/en/20051003.html"
      },
      {
        "trust": 1.4,
        "url": "http://jvn.jp/jp/jvn%2362914675/index.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2006/may/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/1778"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26391"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/16904/"
      },
      {
        "trust": 0.8,
        "url": "http://www.rubycentral.com/book/taint.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.apple.com/support/downloads/quicktime71.html "
      },
      {
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=303752 "
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1458"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/1778"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/26391"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-132b/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-1458"
      },
      {
        "trust": 0.6,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-132a.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.kb.cert.org/vuls/id/160012"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/16904"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/22360"
      },
      {
        "trust": 0.6,
        "url": "http://www.ubuntu.com/usn/usn-195-1"
      },
      {
        "trust": 0.6,
        "url": "http://www.securitytracker.com/alerts/2005/sep/1014948.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/17951"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/14909"
      },
      {
        "trust": 0.6,
        "url": "http://www.redhat.com/support/errata/rhsa-2005-799.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2005:191"
      },
      {
        "trust": 0.6,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/1779"
      },
      {
        "trust": 0.6,
        "url": "http://www.debian.org/security/2005/dsa-864"
      },
      {
        "trust": 0.6,
        "url": "http://www.debian.org/security/2005/dsa-862"
      },
      {
        "trust": 0.6,
        "url": "http://www.debian.org/security/2005/dsa-860"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/20077"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/19130"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/17285"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/17147"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/17129"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/17098"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/17094"
      },
      {
        "trust": 0.6,
        "url": "http://lists.apple.com/archives/security-announce/2006/may/msg00003.html"
      },
      {
        "trust": 0.6,
        "url": "http://securityreason.com/securityalert/59"
      },
      {
        "trust": 0.3,
        "url": "http://docs.info.apple.com/article.html?artnum=303752"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/quicktime/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/433850"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/433810"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/433828"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=303737\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-132a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/#safari\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#160012"
      },
      {
        "db": "CERT/CC",
        "id": "VU#289705"
      },
      {
        "db": "VULHUB",
        "id": "VHN-17566"
      },
      {
        "db": "BID",
        "id": "17953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000965"
      },
      {
        "db": "PACKETSTORM",
        "id": "46436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-060"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1458"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#160012"
      },
      {
        "db": "CERT/CC",
        "id": "VU#289705"
      },
      {
        "db": "VULHUB",
        "id": "VHN-17566"
      },
      {
        "db": "BID",
        "id": "17953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000965"
      },
      {
        "db": "PACKETSTORM",
        "id": "46436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-060"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1458"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-10-05T00:00:00",
        "db": "CERT/CC",
        "id": "VU#160012"
      },
      {
        "date": "2006-05-12T00:00:00",
        "db": "CERT/CC",
        "id": "VU#289705"
      },
      {
        "date": "2006-05-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-17566"
      },
      {
        "date": "2006-05-11T00:00:00",
        "db": "BID",
        "id": "17953"
      },
      {
        "date": "2009-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000965"
      },
      {
        "date": "2006-05-22T03:14:36",
        "db": "PACKETSTORM",
        "id": "46436"
      },
      {
        "date": "2005-10-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200510-060"
      },
      {
        "date": "2006-05-12T20:06:00",
        "db": "NVD",
        "id": "CVE-2006-1458"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-12-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#160012"
      },
      {
        "date": "2006-05-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#289705"
      },
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-17566"
      },
      {
        "date": "2006-05-15T22:29:00",
        "db": "BID",
        "id": "17953"
      },
      {
        "date": "2009-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000965"
      },
      {
        "date": "2007-01-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200510-060"
      },
      {
        "date": "2017-07-20T01:30:36.957000",
        "db": "NVD",
        "id": "CVE-2006-1458"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "46436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-060"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ruby safe-level security model bypass",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#160012"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-060"
      }
    ],
    "trust": 0.6
  }
}

