var-200603-0270
Vulnerability from variot
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. Apple Mail contains a vulnerability that may allow an attacker to execute arbitrary commands on OS X Leopdard (10.5) systems. Commands would be executed in the context of the user opening the archive file. Attackers can reportedly use Safari and Apple Mail as exploitation vectors for this vulnerability. Mac OS X 10.4.5 is reported to be vulnerable. Earlier versions may also be affected. Apple Safari is a web browser bundled with the Apple operating system. There is an issue in Safari's handling of automatic opening of downloaded files. Safari's default configuration allows files to be automatically opened after downloading a safe file.
2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
TITLE: Apple Mail Command Execution Vulnerability
SECUNIA ADVISORY ID: SA27785
VERIFY ADVISORY: http://secunia.com/advisories/27785/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/
DESCRIPTION: A vulnerability has been reported in Apple Mail, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the handling of unsafe file types in email attachments. This can be exploited via a specially crafted email containing an attachment of an ostensibly safe file type (e.g. ".jpg") to execute arbitrary shell commands when the attachment is double-clicked.
SOLUTION: Do not open attachments from untrusted sources.
ORIGINAL ADVISORY: http://www.heise-security.co.uk/news/99257
OTHER REFERENCES: SA19064: http://secunia.com/advisories/19064/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-062A
Apple Mac Products are Affected by Multiple Vulnerabilities
Original release date: March 3, 2006 Last revised: -- Source: US-CERT
Systems Affected
* Apple Mac OS X version 10.3.9 (Panther) and version 10.4.5 (Tiger)
* Apple Mac OS X Server version 10.3.9 and version 10.4.5
* Apple Safari web browser
Previous versions of Mac OS X may also be affected.Please see Apple
Security Update 2006-001 for further information. Impacts of
other vulnerabilities include bypassing security restrictions and denial of service.
I. (CVE-2006-0848)
VU#351217 - Apple Safari WebKit component vulnerable to buffer overflow
Apple Safari WebKit component is vulnerable to buffer overflow. (CVE-2005-4504)
VU#176732 - Apple Safari vulnerable to buffer overflow
Apple Safari is vulnerable to a stack-based buffer overflow. (CVE-2006-0387)
Please note that Apple Security Update 2006-001 addresses additional vulnerabilities not described above. As further information becomes available, we will publish individual Vulnerability Notes. In addition, more information about VU#999708 is available in US-CERT Technical Cyber Security Alert TA06-053A.
II. Impact
The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service.
III. Solution
Install an update
Install the update as described in Apple Security Update 2006-001. In addition, this update is available via Apple Update.
Appendix A. References
* US-CERT Vulnerability Note VU#999708 -
<http://www.kb.cert.org/vuls/id/999708>
* US-CERT Vulnerability Note VU#351217 -
<http://www.kb.cert.org/vuls/id/351217>
* US-CERT Vulnerability Note VU#176732 -
<http://www.kb.cert.org/vuls/id/176732>
* US-CERT Technical Cyber Security Alert TA06-053A -
<http://www.us-cert.gov/cas/techalerts/TA06-053A.html>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/#Safari>
* Apple Security Update 2006-001 -
<http://docs.info.apple.com/article.html?artnum=303382>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-062A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-062A Feedback VU#351217" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
March 3, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRAiYnH0pj593lg50AQIdzggAxPbhEKlYyJUdTNqDBGSI+GAQ2oRY9WFx i+2yy5B34IvwyWt04Wb9PxgbCeWHbw9zc8X5xRPZEA/nVQWX/nnz20Tnap8ZRZUC bqlzo9pz2P+TOm3SBKUlZ+Rl0xTUTBJus78oiczzLu/Fy1oB8obC3qfwNDdrykXc i2MupUdRbZ5azrzDmzJGZktpVwJjM9UbXypbwsa1vg5+pAcRf4N0939kcjBML6LH B1jKz3PF0DLX/THj0sAq5PwiE82jCtop1hpD8zVWJOLGX1lbxhcHVLbiFiKaaF7u lKvIAf6ec9h+MQDwAnuA2uaYaQSwofCiWdOPAlueMzq23Ultlinz4g== =5Ooe -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200603-0270",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "apple computer",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.5"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.2"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.1"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.4.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#433819"
},
{
"db": "CERT/CC",
"id": "VU#999708"
},
{
"db": "BID",
"id": "16736"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-249"
},
{
"db": "NVD",
"id": "CVE-2006-0399"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Lehn",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200603-249"
}
],
"trust": 0.6
},
"cve": "CVE-2006-0399",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2006-0399",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-16507",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-0399",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#433819",
"trust": 0.8,
"value": "9.28"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#999708",
"trust": 0.8,
"value": "35.44"
},
{
"author": "CNNVD",
"id": "CNNVD-200603-249",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-16507",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2006-0399",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#433819"
},
{
"db": "CERT/CC",
"id": "VU#999708"
},
{
"db": "VULHUB",
"id": "VHN-16507"
},
{
"db": "VULMON",
"id": "CVE-2006-0399"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-249"
},
{
"db": "NVD",
"id": "CVE-2006-0399"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. Apple Mail contains a vulnerability that may allow an attacker to execute arbitrary commands on OS X Leopdard (10.5) systems. Commands would be executed in the context of the user opening the archive file. \nAttackers can reportedly use Safari and Apple Mail as exploitation vectors for this vulnerability. \nMac OS X 10.4.5 is reported to be vulnerable. Earlier versions may also be affected. Apple Safari is a web browser bundled with the Apple operating system. There is an issue in Safari\u0027s handling of automatic opening of downloaded files. Safari\u0027s default configuration allows files to be automatically opened after downloading a safe file. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nGet a free trial of the Secunia Vulnerability Intelligence Solutions:\nhttp://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Mail Command Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA27785\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/27785/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple Macintosh OS X\nhttp://secunia.com/product/96/\n\nDESCRIPTION:\nA vulnerability has been reported in Apple Mail, which can be\nexploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the handling of unsafe\nfile types in email attachments. This can be exploited via a specially\ncrafted email containing an attachment of an ostensibly safe file type\n(e.g. \".jpg\") to execute arbitrary shell commands when the attachment\nis double-clicked. \n\nSOLUTION:\nDo not open attachments from untrusted sources. \n\nORIGINAL ADVISORY:\nhttp://www.heise-security.co.uk/news/99257\n\nOTHER REFERENCES:\nSA19064:\nhttp://secunia.com/advisories/19064/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA06-062A\n\n\nApple Mac Products are Affected by Multiple Vulnerabilities\n\n Original release date: March 3, 2006\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n * Apple Mac OS X version 10.3.9 (Panther) and version 10.4.5 (Tiger)\n * Apple Mac OS X Server version 10.3.9 and version 10.4.5\n * Apple Safari web browser\n\n Previous versions of Mac OS X may also be affected.Please see Apple \n Security Update 2006-001 for further information. Impacts of\n other vulnerabilities include bypassing security restrictions and\n denial of service. \n\n\nI. \n (CVE-2006-0848)\n\n VU#351217 - Apple Safari WebKit component vulnerable to buffer\n overflow\n\n Apple Safari WebKit component is vulnerable to buffer overflow. \n (CVE-2005-4504)\n\n VU#176732 - Apple Safari vulnerable to buffer overflow\n\n Apple Safari is vulnerable to a stack-based buffer overflow. \n (CVE-2006-0387)\n\n Please note that Apple Security Update 2006-001 addresses additional\n vulnerabilities not described above. As further information becomes\n available, we will publish individual Vulnerability Notes. In\n addition, more information about VU#999708 is available in US-CERT\n Technical Cyber Security Alert TA06-053A. \n\n\nII. Impact\n\n The impacts of these vulnerabilities vary. For information about\n specific impacts, please see the Vulnerability Notes. Potential\n consequences include remote execution of arbitrary code or commands,\n bypass of security restrictions, and denial of service. \n\n\nIII. Solution\n\nInstall an update\n\n Install the update as described in Apple Security Update 2006-001. In\n addition, this update is available via Apple Update. \n\n\nAppendix A. References\n\n * US-CERT Vulnerability Note VU#999708 -\n \u003chttp://www.kb.cert.org/vuls/id/999708\u003e\n\n * US-CERT Vulnerability Note VU#351217 -\n \u003chttp://www.kb.cert.org/vuls/id/351217\u003e\n\n * US-CERT Vulnerability Note VU#176732 -\n \u003chttp://www.kb.cert.org/vuls/id/176732\u003e\n\n * US-CERT Technical Cyber Security Alert TA06-053A -\n \u003chttp://www.us-cert.gov/cas/techalerts/TA06-053A.html\u003e\n\n * Securing Your Web Browser -\n \u003chttp://www.us-cert.gov/reading_room/securing_browser/#Safari\u003e\n\n * Apple Security Update 2006-001 -\n \u003chttp://docs.info.apple.com/article.html?artnum=303382\u003e\n\n * Mac OS X: Updating your software -\n \u003chttp://docs.info.apple.com/article.html?artnum=106704\u003e\n\n\n ____________________________________________________________________\n \n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA06-062A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-062A Feedback VU#351217\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n March 3, 2006: Initial release\n \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRAiYnH0pj593lg50AQIdzggAxPbhEKlYyJUdTNqDBGSI+GAQ2oRY9WFx\ni+2yy5B34IvwyWt04Wb9PxgbCeWHbw9zc8X5xRPZEA/nVQWX/nnz20Tnap8ZRZUC\nbqlzo9pz2P+TOm3SBKUlZ+Rl0xTUTBJus78oiczzLu/Fy1oB8obC3qfwNDdrykXc\ni2MupUdRbZ5azrzDmzJGZktpVwJjM9UbXypbwsa1vg5+pAcRf4N0939kcjBML6LH\nB1jKz3PF0DLX/THj0sAq5PwiE82jCtop1hpD8zVWJOLGX1lbxhcHVLbiFiKaaF7u\nlKvIAf6ec9h+MQDwAnuA2uaYaQSwofCiWdOPAlueMzq23Ultlinz4g==\n=5Ooe\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0399"
},
{
"db": "CERT/CC",
"id": "VU#433819"
},
{
"db": "CERT/CC",
"id": "VU#999708"
},
{
"db": "BID",
"id": "16736"
},
{
"db": "VULHUB",
"id": "VHN-16507"
},
{
"db": "VULMON",
"id": "CVE-2006-0399"
},
{
"db": "PACKETSTORM",
"id": "61082"
},
{
"db": "PACKETSTORM",
"id": "44362"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-0399",
"trust": 2.9
},
{
"db": "SECUNIA",
"id": "19129",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "23871",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2006-0949",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1015760",
"trust": 1.8
},
{
"db": "BID",
"id": "16736",
"trust": 1.1
},
{
"db": "USCERT",
"id": "TA06-062A",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "27785",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#999708",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#433819",
"trust": 0.8
},
{
"db": "XF",
"id": "24808",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1015652",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "18963",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200603-249",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2006-03-13",
"trust": 0.6
},
{
"db": "XF",
"id": "25269",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-16507",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2006-0399",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "61082",
"trust": 0.1
},
{
"db": "USCERT",
"id": "TA06-053A",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#176732",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#351217",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "44362",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#433819"
},
{
"db": "CERT/CC",
"id": "VU#999708"
},
{
"db": "VULHUB",
"id": "VHN-16507"
},
{
"db": "VULMON",
"id": "CVE-2006-0399"
},
{
"db": "BID",
"id": "16736"
},
{
"db": "PACKETSTORM",
"id": "61082"
},
{
"db": "PACKETSTORM",
"id": "44362"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-249"
},
{
"db": "NVD",
"id": "CVE-2006-0399"
}
]
},
"id": "VAR-200603-0270",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-16507"
}
],
"trust": 0.01
},
"last_update_date": "2024-09-19T22:27:21.937000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16507"
},
{
"db": "NVD",
"id": "CVE-2006-0399"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://docs.info.apple.com/article.html?artnum=303453"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2006/mar/msg00001.html"
},
{
"trust": 1.8,
"url": "http://www.osvdb.org/23871"
},
{
"trust": 1.8,
"url": "http://securitytracker.com/id?1015760"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/19129"
},
{
"trust": 1.6,
"url": "http://docs.info.apple.com/article.html?artnum=303382"
},
{
"trust": 1.2,
"url": "http://www.vupen.com/english/advisories/2006/0949"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25269"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/27785/"
},
{
"trust": 0.8,
"url": "http://www.heise-security.co.uk/news/99257 "
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-062a.html"
},
{
"trust": 0.8,
"url": "http://www.cert.org/homeusers/email-attachments.html"
},
{
"trust": 0.8,
"url": "http://www.apple.com/macosx/features/mail.html"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc1740"
},
{
"trust": 0.8,
"url": "http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html"
},
{
"trust": 0.8,
"url": "http://www.heise.de/english/newsticker/news/69862"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/carbon/conceptual/launchservicesconcepts/lscconcepts/chapter_2_section_8.html"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/technotes/tn/tn2017.html"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/mac/moretoolbox/moretoolbox-11.html"
},
{
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=108009"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/18963/"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/16736"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/24808"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0397"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0398"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0399"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2006/feb/1015652.html"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/0949"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/25269"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/94.html"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/apple-osx-safarilaunchservicescoretypes-cve-2006-0399"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
},
{
"trust": 0.1,
"url": "http://www.heise-security.co.uk/news/99257"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/96/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19064/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/176732\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-062a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/999708\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-053a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/351217\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/#safari\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=303382\u003e"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#433819"
},
{
"db": "CERT/CC",
"id": "VU#999708"
},
{
"db": "VULHUB",
"id": "VHN-16507"
},
{
"db": "VULMON",
"id": "CVE-2006-0399"
},
{
"db": "BID",
"id": "16736"
},
{
"db": "PACKETSTORM",
"id": "61082"
},
{
"db": "PACKETSTORM",
"id": "44362"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-249"
},
{
"db": "NVD",
"id": "CVE-2006-0399"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#433819"
},
{
"db": "CERT/CC",
"id": "VU#999708"
},
{
"db": "VULHUB",
"id": "VHN-16507"
},
{
"db": "VULMON",
"id": "CVE-2006-0399"
},
{
"db": "BID",
"id": "16736"
},
{
"db": "PACKETSTORM",
"id": "61082"
},
{
"db": "PACKETSTORM",
"id": "44362"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-249"
},
{
"db": "NVD",
"id": "CVE-2006-0399"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-11-27T00:00:00",
"db": "CERT/CC",
"id": "VU#433819"
},
{
"date": "2006-02-21T00:00:00",
"db": "CERT/CC",
"id": "VU#999708"
},
{
"date": "2006-03-14T00:00:00",
"db": "VULHUB",
"id": "VHN-16507"
},
{
"date": "2006-03-14T00:00:00",
"db": "VULMON",
"id": "CVE-2006-0399"
},
{
"date": "2006-02-21T00:00:00",
"db": "BID",
"id": "16736"
},
{
"date": "2007-11-26T16:56:43",
"db": "PACKETSTORM",
"id": "61082"
},
{
"date": "2006-03-06T09:45:32",
"db": "PACKETSTORM",
"id": "44362"
},
{
"date": "2006-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200603-249"
},
{
"date": "2006-03-14T11:02:00",
"db": "NVD",
"id": "CVE-2006-0399"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-11-27T00:00:00",
"db": "CERT/CC",
"id": "VU#433819"
},
{
"date": "2006-12-07T00:00:00",
"db": "CERT/CC",
"id": "VU#999708"
},
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-16507"
},
{
"date": "2017-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2006-0399"
},
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "16736"
},
{
"date": "2006-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200603-249"
},
{
"date": "2017-07-20T01:29:43.863000",
"db": "NVD",
"id": "CVE-2006-0399"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "44362"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-249"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mail remote command execution vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#433819"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200603-249"
}
],
"trust": 0.6
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.