Vulnerability Note VU#980084

Apple Mail buffer overflow vulnerability

Original Release date: 17 Mar 2006 | Last revised: 29 Mar 2006


Apple Mail contains a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system.


Apple Mail

Mac OS X includes the Mail application ( for handling electronic mail.

The Problem

Apple Mail contains a buffer overflow caused by lack of validation on MIME encapsulted files. The buffer overflow may be triggered when an email message with a specially crafted attachment is opened with Mail.


According to public reports this vulnerability is introduced by Apple Security Update 2006-001.

Exploit code for this vulnerability is publicly available.


By convincing a user to open a specially crafted attachment, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user running Mail.


Install an update
This issue is corrected in Apple Security Update 2006-002.

Do not open attachments from untrusted sources

To protect against Only open email attachemnts from trusted or known sources.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Computer, Inc.Affected-15 Mar 2006
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This vulnerability was reported by Kevin Finisterre.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CVE-2006-0396
  • Date Public: 13 Mar 2006
  • Date First Published: 17 Mar 2006
  • Date Last Updated: 29 Mar 2006
  • Severity Metric: 6.63
  • Document Revision: 21


If you have feedback, comments, or additional information about this vulnerability, please send us email.