CVE-2006-4887

high

Description

Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/29060

http://www.securityfocus.com/bid/20092

http://www.securityfocus.com/archive/1/447043/100/0/threaded

http://www.securityfocus.com/archive/1/446751/100/0/threaded

http://www.securityfocus.com/archive/1/446371/100/0/threaded

http://www.osvdb.org/32260

Details

Source: Mitre, NVD

Published: 2006-09-19

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00065