CVE-2006-1987 - Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code vi

CVE-2006-1987

Summary

Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher, it is unclear which vector is responsible.

References

Vulnerable Configurations

cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	17634
misc	http://security-protocols.com/poc/sp-x26-4.html http://www.security-protocols.com/sp-x26-advisory.php
secunia	19686
vupen	ADV-2006-1452
xf	macosx-safari-dos(25946)

Last major update

20-07-2017 - 01:31

Published

21-04-2006 - 22:02

Last modified

20-07-2017 - 01:31