ID CVE-2006-0395
Summary The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
References
Vulnerable Configurations
  • cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
apple APPLE-SA-2006-03-01
bid 16907
cert TA06-062A
confirm http://docs.info.apple.com/article.html?artnum=303382
osvdb 23645
secunia 19064
vupen ADV-2006-0791
xf macosx-mail-bypass-security(25027)
Last major update 20-07-2017 - 01:29
Published 05-08-2006 - 01:04
Last modified 20-07-2017 - 01:29
Back to Top