CVE-2006-1443 - Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 allows context-dependent att

CVE-2006-1443

Summary

Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving conversions from string to file system representation within (1) CFStringGetFileSystemRepresentation or (2) getFileSystemRepresentation:maxLength:withPath in NSFileManager, and possibly other similar API functions. This vulnerability is addressed in the following product release: Apple, Mac OS X, 10.4.6 (2006-003)

References

Vulnerable Configurations

cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*

CVSS

Base:	6.5 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

refmap via4

apple	APPLE-SA-2006-05-11
bid	17951
cert	TA06-132A
osvdb	25587
sectrack	1016080
secunia	20077
vupen	ADV-2006-1779
xf	macos-corefoundation-integer-underflow(26408)

Last major update

20-07-2017 - 01:30

Published

12-05-2006 - 21:02

Last modified

20-07-2017 - 01:30