CVE-2006-0848
Date: (C)2006-02-22   (M)2023-12-22


The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1015652
BID-16736
SECUNIA-18963
OSVDB-23510
ADV-2006-0671
TA06-053A
TA06-062A
VU#999708
http://docs.info.apple.com/article.html?artnum=303382
http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php
http://www.heise.de/english/newsticker/news/69862
http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html
macosx-zip-command-execution(24808)

CPE (2):
cpe:/o:apple:mac_os_x_server:10.4.5
cpe:/o:apple:mac_os_x:10.4.5
CWE (1):
CWE-16

© SecPod Technologies