CVE-2006-1447

high

Description

LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26416

http://www.vupen.com/english/advisories/2006/1779

http://www.us-cert.gov/cas/techalerts/TA06-132A.html

http://www.securityfocus.com/bid/17951

http://www.osvdb.org/25591

http://securitytracker.com/id?1016081

http://secunia.com/advisories/20077

http://lists.apple.com/archives/security-announce/2006/May/msg00003.html

Details

Source: Mitre, NVD

Published: 2006-05-12

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00501

Detections

Analytics