Vulnerability Note VU#999708
Apple Safari automatically executes arbitrary shell commands or code
Apple Safari fails to properly determine file safety, allowing a remote unauthenticated attacker to execute arbitrary commands or code.
Apple Safari is a web browser that comes with the Mac OS X operating system.
By convincing a user to view a specially crafted HTML document (for example, a web page), an attacker may be able to execute arbitrary commands or code with the privileges of the user.
Install an update
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer, Inc.||Affected||02 Mar 2006||05 Dec 2006|
CVSS Metrics (Learn More)
This vulnerability was publicly disclosed by Michael Lehn.
This document was written by Will Dormann.
- CVE IDs: CVE-2006-0848
- Date Public: 19 Feb 2006
- Date First Published: 21 Feb 2006
- Date Last Updated: 07 Dec 2006
- Severity Metric: 35.44
- Document Revision: 37
If you have feedback, comments, or additional information about this vulnerability, please send us email.