Vulnerability Note VU#999708
Apple Safari automatically executes arbitrary shell commands or code
Overview
Apple Safari fails to properly determine file safety, allowing a remote unauthenticated attacker to execute arbitrary commands or code.
Description
Apple Safari is a web browser that comes with the Mac OS X operating system.
Impact
By convincing a user to view a specially crafted HTML document (for example, a web page), an attacker may be able to execute arbitrary commands or code with the privileges of the user.
Solution
Install an update
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer, Inc. | Affected | 02 Mar 2006 | 05 Dec 2006 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://docs.info.apple.com/article.html?artnum=303382
- http://docs.info.apple.com/article.html?artnum=303453
- http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html
- http://www.heise.de/english/newsticker/news/69862
- http://developer.apple.com/documentation/Carbon/Conceptual/LaunchServicesConcepts/LSCConcepts/chapter_2_section_8.html
- http://developer.apple.com/technotes/tn/tn2017.html
- http://developer.apple.com/documentation/mac/MoreToolbox/MoreToolbox-11.html
- http://docs.info.apple.com/article.html?artnum=108009
- http://secunia.com/advisories/18963/
- http://www.securityfocus.com/bid/16736
- http://xforce.iss.net/xforce/xfdb/24808
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0397
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0398
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0399
- http://securitytracker.com/alerts/2006/Feb/1015652.html
Credit
This vulnerability was publicly disclosed by Michael Lehn.
This document was written by Will Dormann.
Other Information
- CVE IDs: CVE-2006-0848
- Date Public: 19 Feb 2006
- Date First Published: 21 Feb 2006
- Date Last Updated: 07 Dec 2006
- Severity Metric: 35.44
- Document Revision: 37
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.