ID |
CVE-2006-1447
|
Summary |
LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file. This vulnerability is addressed in the following product release:
Apple, Mac OS X, 10.4.6 (2006-003) |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 5.0 (as of 20-07-2017 - 01:30) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
NONE |
NONE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
refmap
via4
|
apple | APPLE-SA-2006-05-11 | bid | 17951 | cert | TA06-132A | osvdb | 25591 | sectrack | 1016081 | secunia | 20077 | vupen | ADV-2006-1779 | xf | macos-launchservices-security-bypass(26416) |
|
Last major update |
20-07-2017 - 01:30 |
Published |
12-05-2006 - 21:02 |
Last modified |
20-07-2017 - 01:30 |