ID CVE-2006-1447
Summary LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file. This vulnerability is addressed in the following product release: Apple, Mac OS X, 10.4.6 (2006-003)
References
Vulnerable Configurations
  • cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
apple APPLE-SA-2006-05-11
bid 17951
cert TA06-132A
osvdb 25591
sectrack 1016081
secunia 20077
vupen ADV-2006-1779
xf macos-launchservices-security-bypass(26416)
Last major update 20-07-2017 - 01:30
Published 12-05-2006 - 21:02
Last modified 20-07-2017 - 01:30
Back to Top