Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0396

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-0396
Last Modified 07 Mar 2011 09:29:56
Published 14 Mar 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-0396

Summary

Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an attachment.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.4

  • Apple Mac Os X 10.4.1

  • Apple Mac Os X 10.4.2

  • Apple Mac Os X 10.4.3

  • Apple Mac Os X 10.4.4

  • Apple Mac Os X 10.4.5

  • Apple Mac Os X Server 10.4

  • Apple Mac Os X Server 10.4.1

  • Apple Mac Os X Server 10.4.2

  • Apple Mac Os X Server 10.4.3

  • Apple Mac Os X Server 10.4.4

  • Apple Mac Os X Server 10.4.5


References

CERT-VN - VU#980084

BID - 17081

SECTRACK - 1015762

SECUNIA - 19129

VUPEN - ADV-2006-0949

BUGTRAQ - 20060314 DMA[2006-0313a] - 'Apple OSX Mail.app RFC1740 Real Name Buffer Overflow'

MISC - http://www.digitalmunition.com/DMA%5B2006-0313a%5D.txt

APPLE - APPLE-SA-2006-03-13

CONFIRM - http://docs.info.apple.com/article.html?artnum=303453

XF - macosx-mail-attachment-bo(25209)

OSVDB - 23872

Related Patches

Apple 2006-03-13 Security Update 2006-002 Mac OS X 10.4.5 (PPC)

Apple 2006-03-16 Security Update 2006-002 v.1.1 Mac OS X 10.4.5 (PPC)


Last Updated: 27 May 2016 10:41:38