Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0395 — Improper Input Validation in Apple MAC OS X

CWE-20 — Improper Input Validation8 documents4 sources

Severity

9.3CRITICALNVD

NVD5.1

EPSS

64.0%

top 1.57%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedAug 5

Latest updateMay 1

Description

The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

▶NVDapple/mac_os_x10.4.5, 10.5+1

▶NVDapple/mac_os_x_server10.4.5

🔴Vulnerability Details

GHSA

GHSA-hg2w-rj9x-ph62: The Download Validation in Mail in Mac OS X 10↗2022-05-01

▶

GHSA

GHSA-9gxh-58f6-h4hh: Mail in Apple Mac OS X Leopard (10↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

Apple Mail.app - Image Attachment Command Execution (Metasploit)↗2011-03-05

▶

Exploit-DB

Apple Mac OSX 10.5.x - Mail Arbitrary Code Execution↗2007-11-20

▶

Exploit-DB

Apple Mail.App 10.5.0 (OSX) - Image Attachment Command Execution (Metasploit)↗2006-03-01

▶

Metasploit

Mail.app Image Attachment Command Execution↗

▶