CVE-2006-3504 - The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "sa

CVE-2006-3504

Summary

The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.

References

Vulnerable Configurations

cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*

CVSS

Base:	5.1 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:P

refmap via4

apple	APPLE-SA-2006-08-01
bid	19289
cert	TA06-214A
osvdb	27743
secunia	21253
vupen	ADV-2006-3101
xf	macosx-launchservices-script-execution(28146)

Last major update

20-07-2017 - 01:32

Published

03-08-2006 - 01:04

Last modified

20-07-2017 - 01:32