CVE-2006-0848 - The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assi

CVE-2006-0848

Summary

The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.

References

Vulnerable Configurations

cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*

CVSS

Base:	5.1 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:

CWE

CWE-16

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:P

refmap via4

bid	16736
cert	TA06-053A TA06-062A
cert-vn	VU#999708
confirm	http://docs.info.apple.com/article.html?artnum=303382
misc	http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php http://www.heise.de/english/newsticker/news/69862 http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html
osvdb	23510
sectrack	1015652
secunia	18963
vupen	ADV-2006-0671
xf	macosx-zip-command-execution(24808)

saint via4

bid	16736
description	Safari archive metadata command execution
osvdb	23366
title	safari_safe_file_explicit_bind
type	client

Last major update

20-07-2017 - 01:30

Published

22-02-2006 - 23:02

Last modified

20-07-2017 - 01:30