CVE-2006-1448

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted attackers to execute arbitrary code by tricking a user into launching an Internet Location item that appears to use a safe URL scheme, but which actually has a different and more risky scheme.

References

http://lists.apple.com/archives/security-announce/2006/May/msg00003.html

http://secunia.com/advisories/20077

http://securitytracker.com/id?1016082

http://www.osvdb.org/25592

http://www.securityfocus.com/bid/17951

http://www.us-cert.gov/cas/techalerts/TA06-132A.html

http://www.vupen.com/english/advisories/2006/1779

https://exchange.xforce.ibmcloud.com/vulnerabilities/26410

Details

Source: MITRE

Published: 2006-05-12

Updated: 2017-07-20

Risk Information

CVSS v2

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*

Tenable Plugins

View all (12 total)

IDNameProductFamilySeverity
3617Mac OS X Multiple Vulnerabilities (Security Update 2006-003)Nessus Network MonitorOperating System Detection
medium
3616Quicktime < 7.1 on Mac OS X Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
21341Mac OS X Multiple Vulnerabilities (Security Update 2006-003)NessusMacOS X Local Security Checks
critical
3318Curl < 7.15.1 Multiple Remote OverflowsNessus Network MonitorWeb Clients
critical
3308Mac OS X Multiple Vulnerabilities (Security Update 2005-009)Nessus Network MonitorOperating System Detection
high
3256Curl NTLM Buffer OverflowNessus Network MonitorWeb Clients
medium
3255GNU WGet < 1.10.2 Buffer OverflowNessus Network MonitorWeb Clients
medium
3505ClamAV < 0.88.1 Multiple Vulnerabilities (deprecated)Nessus Network MonitorWeb Clients
medium
801390Curl NTLM Buffer OverflowLog Correlation EngineWeb Clients
high
801386Curl <= 7.15.0 Multiple Remote OverflowsLog Correlation EngineWeb Clients
high
801197Quicktime < 7.1 on Mac OS X Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
800798Mac OS X Multiple Vulnerabilities (Security Update 2005-009)Log Correlation EngineOperating System Detection
high