CVE-2006-1447 - Vulnerability Details - OpenCVE

LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X

Configuration 1 [-]

cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
http://secunia.com/advisories/20077
http://securitytracker.com/id?1016081
http://www.osvdb.org/25591
http://www.securityfocus.com/bid/17951
http://www.us-cert.gov/cas/techalerts/TA06-132A.html
http://www.vupen.com/english/advisories/2006/1779
https://exchange.xforce.ibmcloud.com/vulnerabilities/26416

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-05-12T21:00:00

Updated: 2024-08-07T17:12:21.686Z

Reserved: 2006-03-28T00:00:00

Link: CVE-2006-1447

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-05-12T21:02:00.000

Modified: 2024-11-21T00:08:52.880

Link: CVE-2006-1447

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-05-11T00:00:00", "descriptions": [{"lang": "en", "value": "LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "17951", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17951"}, {"name": "ADV-2006-1779", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1779"}, {"name": "TA06-132A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"}, {"name": "1016081", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016081"}, {"name": "APPLE-SA-2006-05-11", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"}, {"name": "25591", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/25591"}, {"name": "20077", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20077"}, {"name": "macos-launchservices-security-bypass(26416)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26416"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1447", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "17951", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17951"}, {"name": "ADV-2006-1779", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1779"}, {"name": "TA06-132A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"}, {"name": "1016081", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016081"}, {"name": "APPLE-SA-2006-05-11", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"}, {"name": "25591", "refsource": "OSVDB", "url": "http://www.osvdb.org/25591"}, {"name": "20077", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20077"}, {"name": "macos-launchservices-security-bypass(26416)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26416"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:12:21.686Z"}, "title": "CVE Program Container", "references": [{"name": "17951", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17951"}, {"name": "ADV-2006-1779", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1779"}, {"name": "TA06-132A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"}, {"name": "1016081", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016081"}, {"name": "APPLE-SA-2006-05-11", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"}, {"name": "25591", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/25591"}, {"name": "20077", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20077"}, {"name": "macos-launchservices-security-bypass(26416)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26416"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1447", "datePublished": "2006-05-12T21:00:00", "dateReserved": "2006-03-28T00:00:00", "dateUpdated": "2024-08-07T17:12:21.686Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F2132-8431-4CEF-9A3D-A69425E3834E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file."}], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nApple, Mac OS X, 10.4.6 (2006-003)", "id": "CVE-2006-1447", "lastModified": "2024-11-21T00:08:52.880", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-05-12T21:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/20077"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016081"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/25591"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17951"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1779"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26416"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20077"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25591"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17951"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1779"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26416"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}