Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0400

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0400
Last Modified 07 Mar 2011 09:29:56
Published 14 Mar 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0400

Summary

CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.4

  • Apple Mac Os X 10.4.1

  • Apple Mac Os X 10.4.2

  • Apple Mac Os X 10.4.3

  • Apple Mac Os X 10.4.4

  • Apple Mac Os X 10.4.5

  • Apple Mac Os X Server 10.4

  • Apple Mac Os X Server 10.4.1

  • Apple Mac Os X Server 10.4.2

  • Apple Mac Os X Server 10.4.3

  • Apple Mac Os X Server 10.4.4

  • Apple Mac Os X Server 10.4.5


References

BID - 17082

SECUNIA - 19129

VUPEN - ADV-2006-0949

APPLE - APPLE-SA-2006-03-13

CONFIRM - http://docs.info.apple.com/article.html?artnum=303453

XF - macosx-sameorigin-policy-bypass(25208)

OSVDB - 23873

SECTRACK - 1015763

Related Patches

Apple 2006-03-13 Security Update 2006-002 Mac OS X 10.4.5 (PPC)

Apple 2006-03-16 Security Update 2006-002 v.1.1 Mac OS X 10.4.5 (PPC)


Last Updated: 27 May 2016 10:41:38