Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3504

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-3504
Last Modified 07 Mar 2011 09:38:46
Published 02 Aug 2006 09:04:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3504

Summary

The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.4.7

  • Apple Mac Os X Server 10.4.7


References

CERT - TA06-214A

VUPEN - ADV-2006-3101

SECUNIA - 21253

APPLE - APPLE-SA-2006-08-01

XF - macosx-launchservices-script-execution(28146)

BID - 19289

OSVDB - 27743

Related Patches

Apple 2006-08-01 Security Update 2006-004 Mac OS X 10.4.7 Client (PPC)

Apple 2006-08-01 Security Update 2006-004 Mac OS X 10.4.7 Client (Intel)


Last Updated: 27 May 2016 10:43:02