CVE-2006-3504

MEDIUM

Description

The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.

References

http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html

http://secunia.com/advisories/21253

http://www.osvdb.org/27743

http://www.securityfocus.com/bid/19289

http://www.us-cert.gov/cas/techalerts/TA06-214A.html

http://www.vupen.com/english/advisories/2006/3101

https://exchange.xforce.ibmcloud.com/vulnerabilities/28146

Details

Source: MITRE

Published: 2006-08-03

Updated: 2017-07-20

Risk Information

CVSS v2.0

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM