cvelistv5 - CVE-2006-3946

CVE-2006-3946 (GCVE-0-2006-3946)

Vulnerability from cvelistv5

Published

2006-07-31 23:00

Modified

2024-08-07 18:48

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

gsd-2006-3946

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-3946

Aliases

CVE-2006-3946

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3946",
    "description": "WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a \"memory management error\" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag.",
    "id": "GSD-2006-3946"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3946"
      ],
      "details": "WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a \"memory management error\" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag.",
      "id": "GSD-2006-3946",
      "modified": "2023-12-13T01:19:57.385389Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3946",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a \"memory management error\" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html",
            "refsource": "MISC",
            "url": "http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html"
          },
          {
            "name": "safari-khtmlparser-code-execution(28081)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28081"
          },
          {
            "name": "22187",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22187"
          },
          {
            "name": "ADV-2006-3852",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3852"
          },
          {
            "name": "27534",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/27534"
          },
          {
            "name": "21271",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21271"
          },
          {
            "name": "APPLE-SA-2006-09-29",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
          },
          {
            "name": "19250",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/19250"
          },
          {
            "name": "1016957",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016957"
          },
          {
            "name": "ADV-2006-3069",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3069"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3946"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a \"memory management error\" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html"
            },
            {
              "name": "21271",
              "refsource": "SECUNIA",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21271"
            },
            {
              "name": "19250",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/19250"
            },
            {
              "name": "27534",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/27534"
            },
            {
              "name": "APPLE-SA-2006-09-29",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
            },
            {
              "name": "22187",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22187"
            },
            {
              "name": "1016957",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016957"
            },
            {
              "name": "ADV-2006-3069",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3069"
            },
            {
              "name": "ADV-2006-3852",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3852"
            },
            {
              "name": "safari-khtmlparser-code-execution(28081)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28081"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-20T01:32Z",
      "publishedDate": "2006-07-31T23:04Z"
    }
  }
}

WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag. Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. A vulnerability exists in how Apple OS X handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code, or create a denial-of-service condition. This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls. Adobe Flash Player fails to properly handle malformed strings. Safari is prone to a buffer-overflow vulnerability. This issue is triggered when an attacker entices a victim user to visit a malicious website or to open a malicious HTML file. Failed exploit attempts result in crashing the application, effectively denying service to legitimate users. Possible buffer overflow.

Hardcore Disassembler / Reverse Engineer Wanted!

Want to work with IDA and BinDiff? Want to write PoC's and Exploits?

Your nationality is not important.

The vulnerability is caused due to an error in the "KHTMLParser::popOneBlock()" function. This can be exploited to cause a memory corruption via a script element in a div element redefining the document body.

The vulnerability has been confirmed in version 2.0.4 (419.3). Other versions may also be affected.

SOLUTION: Disable JavaScript support.

Want to work within IT-Security?

Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.

Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/

TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA22187

VERIFY ADVISORY: http://secunia.com/advisories/22187/

CRITICAL: Highly critical

IMPACT: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access

WHERE:

From remote

OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/

DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) An error in the CFNetwork component may allow a malicious SSL site to pose as a trusted SLL site to CFNetwork clients (e.g. Safari).

4) An error in the kernel's error handling mechanism known as Mach exception ports can be exploited by malicious, local users to execute arbitrary code in privileged applications.

5) An unchecked error condition in the LoginWindow component may result in Kerberos tickets being accessible to other local users after an unsuccessful attempt to log in.

6) Another error in the LoginWindow component during the handling of "Fast User Switching" may result in Kerberos tickets being accessible to other local users.

8) An error makes it possible for an account to manage WebObjects applications after the "Admin" privileges have been revoked.

9) A memory corruption error in QuickDraw Manager when processing PICT images can potentially be exploited via a specially crafted PICT image to execute arbitrary code.

10) An error in SASL can be exploited by malicious people to cause a DoS (Denial of Service) against the IMAP service.

For more information: SA19618

11) A memory management error in WebKit's handling of certain HTML can be exploited by malicious people to compromise a user's system.

SOLUTION: Update to version 10.4.8 or apply Security Update 2006-006. 3) The vendor credits Tom Saxton, Idle Loop Software Design. 4) The vendor credits Dino Dai Zovi, Matasano Security. 5) The vendor credits Patrick Gallagher, Digital Peaks Corporation. 6) The vendor credits Ragnar Sundblad, Royal Institute of Technology. 8) The vendor credits Phillip Tejada, Fruit Bat Software. 12) The vendor credits Chris Pepper, The Rockefeller University.

ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=304460

OTHER REFERENCES: SA19618: http://secunia.com/advisories/19618/

SA20971: http://secunia.com/advisories/20971/

SA21271: http://secunia.com/advisories/21271/

SA21865: http://secunia.com/advisories/21865/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. visiting a malicious website.

2) An unspecified error can be exploited to bypass the "allowScriptAccess" option.

3) Unspecified errors exist in the way the ActiveX control is invoked by Microsoft Office products on Windows.

PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for reporting one of the vulnerabilities. 2) Reported by the vendor. 3) Reported by the vendor

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200607-0331",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 5.6,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "2.0.4"
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "adobe",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.3.9"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.3.9"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4 to  v10.4.7 up to version"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.3.9"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4 to  v10.4.7 up to version"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "mobile safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "db": "CERT/CC",
        "id": "VU#346396"
      },
      {
        "db": "CERT/CC",
        "id": "VU#897628"
      },
      {
        "db": "CERT/CC",
        "id": "VU#838404"
      },
      {
        "db": "CERT/CC",
        "id": "VU#546772"
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "db": "BID",
        "id": "19250"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-513"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3946"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000663"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "hdm is credited with the discovery of this vulnerability.",
    "sources": [
      {
        "db": "BID",
        "id": "19250"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-3946",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2006-3946",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-20054",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-3946",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#346396",
            "trust": 0.8,
            "value": "0.54"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#897628",
            "trust": 0.8,
            "value": "2.76"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#838404",
            "trust": 0.8,
            "value": "1.38"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#546772",
            "trust": 0.8,
            "value": "11.70"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#451380",
            "trust": 0.8,
            "value": "33.41"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#168372",
            "trust": 0.8,
            "value": "14.29"
          },
          {
            "author": "NVD",
            "id": "CVE-2006-3946",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200607-513",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-20054",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#346396"
      },
      {
        "db": "CERT/CC",
        "id": "VU#897628"
      },
      {
        "db": "CERT/CC",
        "id": "VU#838404"
      },
      {
        "db": "CERT/CC",
        "id": "VU#546772"
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20054"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-513"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3946"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a \"memory management error\" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag. Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. A vulnerability exists in how Apple OS X  handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker  to execute arbitrary code, or create a denial-of-service condition. This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls. Adobe Flash Player fails to properly handle malformed strings. Safari is prone to a buffer-overflow vulnerability. This issue is triggered when an attacker entices a victim user to visit a malicious website or to open a malicious HTML file. Failed exploit attempts result in crashing the application, effectively denying service to legitimate users. Possible buffer overflow. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer Wanted!\n\nWant to work with IDA and BinDiff?\nWant to write PoC\u0027s and Exploits?\n\nYour nationality is not important. \n\nThe vulnerability is caused due to an error in the\n\"KHTMLParser::popOneBlock()\" function. This can be exploited to cause\na memory corruption via a script element in a div element redefining\nthe document body. \n\nThe vulnerability has been confirmed in version 2.0.4 (419.3). Other\nversions may also be affected. \n\nSOLUTION:\nDisable JavaScript support. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nMac OS X Security Update Fixes Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA22187\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/22187/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSecurity Bypass, Spoofing, Exposure of sensitive information,\nPrivilege escalation, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple Macintosh OS X\nhttp://secunia.com/product/96/\n\nDESCRIPTION:\nApple has issued a security update for Mac OS X, which fixes multiple\nvulnerabilities. \n\n1) An error in the CFNetwork component may allow a malicious SSL site\nto pose as a trusted SLL site to CFNetwork clients (e.g. Safari). \n\n4) An error in the kernel\u0027s error handling mechanism known as Mach\nexception ports can be exploited by malicious, local users to execute\narbitrary code in privileged applications. \n\n5) An unchecked error condition in the LoginWindow component may\nresult in Kerberos tickets being accessible to other local users\nafter an unsuccessful attempt to log in. \n\n6) Another error in the LoginWindow component during the handling of\n\"Fast User Switching\" may result in Kerberos tickets being accessible\nto other local users. \n\n8) An error makes it possible for an account to manage WebObjects\napplications after the \"Admin\" privileges have been revoked. \n\n9) A memory corruption error in QuickDraw Manager when processing\nPICT images can potentially be exploited via a specially crafted PICT\nimage to execute arbitrary code. \n\n10) An error in SASL can be exploited by malicious people to cause a\nDoS (Denial of Service) against the IMAP service. \n\nFor more information:\nSA19618\n\n11) A memory management error in WebKit\u0027s handling of certain HTML\ncan be exploited by malicious people to compromise a user\u0027s system. \n\nSOLUTION:\nUpdate to version 10.4.8 or apply Security Update 2006-006. \n3) The vendor credits Tom Saxton, Idle Loop Software Design. \n4) The vendor credits Dino Dai Zovi, Matasano Security. \n5) The vendor credits Patrick Gallagher, Digital Peaks Corporation. \n6) The vendor credits Ragnar Sundblad, Royal Institute of\nTechnology. \n8) The vendor credits Phillip Tejada, Fruit Bat Software. \n12) The vendor credits Chris Pepper, The Rockefeller University. \n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=304460\n\nOTHER REFERENCES:\nSA19618:\nhttp://secunia.com/advisories/19618/\n\nSA20971:\nhttp://secunia.com/advisories/20971/\n\nSA21271:\nhttp://secunia.com/advisories/21271/\n\nSA21865:\nhttp://secunia.com/advisories/21865/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. visiting a malicious website. \n\n2) An unspecified error can be exploited to bypass the\n\"allowScriptAccess\" option. \n\n3) Unspecified errors exist in the way the ActiveX control is invoked\nby Microsoft Office products on Windows. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for\nreporting one of the vulnerabilities. \n2) Reported by the vendor. \n3) Reported by the vendor",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3946"
      },
      {
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "db": "CERT/CC",
        "id": "VU#346396"
      },
      {
        "db": "CERT/CC",
        "id": "VU#897628"
      },
      {
        "db": "CERT/CC",
        "id": "VU#838404"
      },
      {
        "db": "CERT/CC",
        "id": "VU#546772"
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000663"
      },
      {
        "db": "BID",
        "id": "19250"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20054"
      },
      {
        "db": "PACKETSTORM",
        "id": "48714"
      },
      {
        "db": "PACKETSTORM",
        "id": "50441"
      },
      {
        "db": "PACKETSTORM",
        "id": "49912"
      }
    ],
    "trust": 7.29
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "22187",
        "trust": 5.8
      },
      {
        "db": "BID",
        "id": "19250",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "21271",
        "trust": 2.6
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3946",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "21865",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1016957",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3069",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3852",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "27534",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#847468",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#346396",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#897628",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#838404",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#546772",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000663",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-513",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "28081",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2006-09-29",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-20054",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "48714",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50441",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "49912",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "db": "CERT/CC",
        "id": "VU#346396"
      },
      {
        "db": "CERT/CC",
        "id": "VU#897628"
      },
      {
        "db": "CERT/CC",
        "id": "VU#838404"
      },
      {
        "db": "CERT/CC",
        "id": "VU#546772"
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20054"
      },
      {
        "db": "BID",
        "id": "19250"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000663"
      },
      {
        "db": "PACKETSTORM",
        "id": "48714"
      },
      {
        "db": "PACKETSTORM",
        "id": "50441"
      },
      {
        "db": "PACKETSTORM",
        "id": "49912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-513"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3946"
      }
    ]
  },
  "id": "VAR-200607-0331",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20054"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:16:49.737000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Mac OS X 10.4.8 Update (Intel)",
        "trust": 0.8,
        "url": "http://www.apple.com/support/downloads/macosx1048updateintel.html"
      },
      {
        "title": "Mac OS X 10.4.8 Update (PPC)",
        "trust": 0.8,
        "url": "http://www.apple.com/support/downloads/macosx1048updateppc.html"
      },
      {
        "title": "Mac OS X 10.4.8 and Security Update 2006-006",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=304460"
      },
      {
        "title": "Mac OS X 10.4.8 and Security Update 2006-006",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=304460-ja"
      },
      {
        "title": "Mac OS X 10.4.8 Update (Intel)",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/ftp-info/reference/macosx1048updateintel.html"
      },
      {
        "title": "Mac OS X 10.4.8 Update (PPC)",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/ftp-info/reference/macosx1048updateppc.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000663"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20054"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3946"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.1,
        "url": "http://secunia.com/advisories/22187/"
      },
      {
        "trust": 4.1,
        "url": "http://docs.info.apple.com/article.html?artnum=304460"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/19250"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/21271"
      },
      {
        "trust": 2.1,
        "url": "http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/21865/"
      },
      {
        "trust": 1.7,
        "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2006/sep/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/27534"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1016957"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/22187"
      },
      {
        "trust": 1.6,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms06-069.mspx"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2006/3069"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/3069"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/3852"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28081"
      },
      {
        "trust": 0.9,
        "url": "http://www.microsoft.com/technet/security/advisory/925143.mspx"
      },
      {
        "trust": 0.8,
        "url": "http://www.cert.org/tech_tips/home_networks.html#iv"
      },
      {
        "trust": 0.8,
        "url": "http://www.macintouch.com/index.shtml#other.2006.10.03.xvul"
      },
      {
        "trust": 0.8,
        "url": "http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=d9c2fe33"
      },
      {
        "trust": 0.8,
        "url": "http://www.computerterrorism.com/research/ct12-09-2006.htm"
      },
      {
        "trust": 0.8,
        "url": "http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_16494"
      },
      {
        "trust": 0.8,
        "url": "http://www.adobe.com/devnet/security/security_zone/mpsb02-08.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3946"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-3946"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/28081"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/3852"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/safari/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/21271/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/quality_assurance_analyst/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/web_application_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5289/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate20060061039server.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosxserver1048updateppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosxserver1048comboupdateppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/20971/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx1048comboupdateintel.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate20060061039client.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosxserver1048updateuniversal.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/19618/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx1048updateintel.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx1048updateppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx1048comboupdateppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/96/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3191/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6153/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3192/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2634/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7024/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5246/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "db": "CERT/CC",
        "id": "VU#346396"
      },
      {
        "db": "CERT/CC",
        "id": "VU#897628"
      },
      {
        "db": "CERT/CC",
        "id": "VU#838404"
      },
      {
        "db": "CERT/CC",
        "id": "VU#546772"
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20054"
      },
      {
        "db": "BID",
        "id": "19250"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000663"
      },
      {
        "db": "PACKETSTORM",
        "id": "48714"
      },
      {
        "db": "PACKETSTORM",
        "id": "50441"
      },
      {
        "db": "PACKETSTORM",
        "id": "49912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-513"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3946"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "db": "CERT/CC",
        "id": "VU#346396"
      },
      {
        "db": "CERT/CC",
        "id": "VU#897628"
      },
      {
        "db": "CERT/CC",
        "id": "VU#838404"
      },
      {
        "db": "CERT/CC",
        "id": "VU#546772"
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20054"
      },
      {
        "db": "BID",
        "id": "19250"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000663"
      },
      {
        "db": "PACKETSTORM",
        "id": "48714"
      },
      {
        "db": "PACKETSTORM",
        "id": "50441"
      },
      {
        "db": "PACKETSTORM",
        "id": "49912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-513"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3946"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-10-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "date": "2006-10-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#346396"
      },
      {
        "date": "2006-10-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#897628"
      },
      {
        "date": "2006-10-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#838404"
      },
      {
        "date": "2006-10-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#546772"
      },
      {
        "date": "2006-09-18T00:00:00",
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "date": "2006-09-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "date": "2006-07-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-20054"
      },
      {
        "date": "2006-07-29T00:00:00",
        "db": "BID",
        "id": "19250"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000663"
      },
      {
        "date": "2006-08-02T08:14:26",
        "db": "PACKETSTORM",
        "id": "48714"
      },
      {
        "date": "2006-10-03T01:14:36",
        "db": "PACKETSTORM",
        "id": "50441"
      },
      {
        "date": "2006-09-12T22:17:26",
        "db": "PACKETSTORM",
        "id": "49912"
      },
      {
        "date": "2006-07-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200607-513"
      },
      {
        "date": "2006-07-31T23:04:00",
        "db": "NVD",
        "id": "CVE-2006-3946"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-11-21T00:00:00",
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "date": "2006-10-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#346396"
      },
      {
        "date": "2006-10-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#897628"
      },
      {
        "date": "2006-10-04T00:00:00",
        "db": "CERT/CC",
        "id": "VU#838404"
      },
      {
        "date": "2006-11-21T00:00:00",
        "db": "CERT/CC",
        "id": "VU#546772"
      },
      {
        "date": "2007-07-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "date": "2006-11-14T00:00:00",
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-20054"
      },
      {
        "date": "2006-09-29T22:10:00",
        "db": "BID",
        "id": "19250"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000663"
      },
      {
        "date": "2006-10-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200607-513"
      },
      {
        "date": "2024-11-21T00:14:46.710000",
        "db": "NVD",
        "id": "CVE-2006-3946"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-513"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Workgroup Manager fails to properly enable ShadowHash passwords",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#847468"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-513"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2006-3946

Vulnerability from fkie_nvd

Published

2006-07-31 23:04

Modified

2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html	Exploit
cve@mitre.org	http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
cve@mitre.org	http://secunia.com/advisories/21271	Exploit, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/22187	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016957
cve@mitre.org	http://www.osvdb.org/27534
cve@mitre.org	http://www.securityfocus.com/bid/19250	Exploit
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3069	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3852	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/28081
af854a3a-2127-422b-91ae-364da2661108	http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21271	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22187	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016957
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/27534
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19250	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3069	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3852	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/28081

Impacted products

Vendor	Product	Version
apple	safari	2.0.4
apple	mac_os_x	10.3.9
apple	mac_os_x	10.4
apple	mac_os_x	10.4.1
apple	mac_os_x	10.4.2
apple	mac_os_x	10.4.3
apple	mac_os_x	10.4.4
apple	mac_os_x	10.4.5
apple	mac_os_x	10.4.6
apple	mac_os_x	10.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFDCF83E-620C-40FA-9901-5D939E315143",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0760FDDB-38D3-4263-9B4D-1AF5E613A4F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFD4DE58-46C7-4E69-BF36-C5FD768B8248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF824694-52DE-44E3-ACAD-60B2A84CD3CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B73A0891-A37A-4E0D-AA73-B18BFD6B1447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26AC38AB-D689-4B2B-9DAE-F03F4DFD15BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C580935-0091-4163-B747-750FB7686973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB0F2132-8431-4CEF-9A3D-A69425E3834E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8719F3C4-F1DE-49B5-9301-22414A2B6F9C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a \"memory management error\" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag."
    },
    {
      "lang": "es",
      "value": "WebCore en Apple Mac OS X 10.3.9 y 10.4 hasta 10.4.7 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante HTML artesanal que provoca un \"error de gesti\u00f3n de memoria\" en WebKit, posiblemente debido a un desbordamiento de buffer, como fue originalmente reportado para la funci\u00f3n KHTMLParser::popOneBlock en Apple Safari 2.0.4 usando Javascript que cambia document.body.innerHTML dentro de una etiqueta DIV."
    }
  ],
  "id": "CVE-2006-3946",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-07-31T23:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21271"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22187"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016957"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/27534"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/19250"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3069"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3852"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/27534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/19250"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28081"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-w328-9wrc-m6wh

Vulnerability from github

Published

2022-05-01 07:13

Modified

2022-05-01 07:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3946"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-07-31T23:04:00Z",
    "severity": "HIGH"
  },
  "details": "WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a \"memory management error\" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag.",
  "id": "GHSA-w328-9wrc-m6wh",
  "modified": "2022-05-01T07:13:48Z",
  "published": "2022-05-01T07:13:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3946"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28081"
    },
    {
      "type": "WEB",
      "url": "http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21271"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22187"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016957"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/27534"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/19250"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3069"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3852"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2006-AVI-416

Vulnerability from certfr_avis

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X, ainsi que certaines applications associées à ce système, telles que Adobe Flash Player, Safari ou QuickDraw. L'exploitation de ces vulnérabilités peut permettre à une personne malveillante d'élever ses privilèges localement, voire d'exécuter des commandes arbitraires à distance.

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X, ainsi que certaines applications associées à ce système. Parmi celles-ci :

une vulnérabilité dans CFNetwork, une interface de programmation permettant l'abstraction de certaines fonctionnalités des couches réseau : elle ne manipulerait pas correctement les authentifications SSL. Tout client s'appuyant sur elle, comme le navigateur Safari, pourrait donc montrer une connexion SSL authentifiée et chiffrée (icône cadenas dans la fenêtre du navigateur), bien que l'authentification ne soit pas effectuée.
plusieurs vulnérabilités dans l'application Adobe Flash Player, aussi commentées dans l'avis du CERTA CERTA-2006-AVI-398 : celle-ci ne manipulerait pas convenablement certains fichiers multimedia au format .swf, permettant à un document spécialement construit de contourner le paramètre de sécurité nommé allowScriptAccess de l'application vulnérable.
une vulnérabilité dans l'application ImageIO : elle n'interprèterait pas correctement certaines images JPEG2000. Une personne malveillant pourrait construire un document particulier exploitant cette vulnérabilité, afin d'exécuter du code arbitraire lorsque l'image est visualisée sur le système vulnérable.
une vulnérabilité dans la manipulation des erreurs par le noyau de Mac OS X : quand une erreur survient (fermer une application brutalement par exemple), le noyau fait appel à des ports d'exception Mach. Une personne malveillante pourrait profiter des droits accordés à ces derniers pour élever ses privilèges à ceux de l'administrateur (root).
plusieurs vulnérabilités dans l'application LoginWindow : cette application gère notamment les services autorisés aux utilisateurs qui se connecteraient à distance sur le système. Il serait possible pour une personne malveillante de contourner la politique de contrôle d'accès spécifiée dans le système.
une vulnérabilité dans le service Préferences, servant à configurer le système d'exploitation : les privilèges ne seraient pas correctement nettoyés à la suppression d'un compte administrateur.
une vulnérabilité non documentée concernant la manipulation d'images PICT par l'application QuickDraw Manager.
une vulnérabilité dans le service de messagerie Cyrus SASL, au cours de la négaociation DIGEST-MD5 : une personne malveillante pourrait construire un paquet particulier, perturbant le système vulnérable qui le recevrait.
une vulnérabilité de l'utilitaire WebCore : celui-ci est un moteur de rendu HTML pour le système d'exploitation Mac OS X. C'est un des composants primaires repris dans l'utilitaire WebKit. Il ne manipulerait pas correctement certains documents au format HTML, permettant à un utilisateur d'exécuter du code sur le système qui ouvrirait son document construit de manière malveillante.
une vulnérabilité dans le service d'administration Workgroup Manager, qui n'utiliserait pas correctement les mots de passe ShadowHash avec la hiérarchie des domaines de NetInfo.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple Mac OS X Server v10.4, pour les versions antérieures à 10.4.8.
Apple	N/A	Apple Mac OS X Server version 10.3.9 ;
Apple	N/A	Apple Mac OS X v10.4 , pour les versions antérieures à 10.4.8 ;
Apple	N/A	Apple Mac OS X version 10.3.9 ;

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-3946 (GCVE-0-2006-3946)

Vulnerability from cvelistv5

gsd-2006-3946

Vulnerability from gsd

var-200607-0331

Vulnerability from variot

fkie_cve-2006-3946

Vulnerability from fkie_nvd

ghsa-w328-9wrc-m6wh

Vulnerability from github

CERTA-2006-AVI-416

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature