FKIE_CVE-2006-3504

Vulnerability from fkie_nvd - Published: 2006-08-03 01:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.
References
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
cve@mitre.orghttp://secunia.com/advisories/21253
cve@mitre.orghttp://www.osvdb.org/27743
cve@mitre.orghttp://www.securityfocus.com/bid/19289
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA06-214A.htmlUS Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3101
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/28146
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21253
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/27743
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19289
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA06-214A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3101
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/28146
Impacted products
Vendor Product Version
apple mac_os_x 10.4.7
apple mac_os_x_server 10.4.7
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8719F3C4-F1DE-49B5-9301-22414A2B6F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AC9692A-CE81-446D-B136-449662C4B9A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as \"safe\", which could allow attackers to execute Javascript code in local context when the \"Open \u0027safe\u0027 files after downloading\" option is enabled in Safari."
    },
    {
      "lang": "es",
      "value": "El validador de descargas en LaunchServices para Apple Mac OS X 10.4.7 puede identificar cierto HTML como \"seguro\",lo cual podr\u00eda permitir a atacantes ejecutar c\u00f3digo Javascript en un contexto local cuan la opci\u00f3n \"Abrir archivos seguros despu\u00e9s de la descarga\" est\u00e1 habilitada en Safari."
    }
  ],
  "id": "CVE-2006-3504",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-08-03T01:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21253"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/27743"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19289"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3101"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28146"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21253"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/27743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28146"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.