CVE-2006-1457 - Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automat

CVE-2006-1457

Summary

Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink.

References

Vulnerable Configurations

cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:P/A:N

refmap via4

apple	APPLE-SA-2006-05-11
bid	17951
cert	TA06-132A
cert-vn	VU#519473
osvdb	25598
sectrack	1016069
secunia	20077
vupen	ADV-2006-1779
xf	safari-archive-code-execution(26427)

Last major update

20-07-2017 - 01:30

Published

12-05-2006 - 21:02

Last modified

20-07-2017 - 01:30