CVE-2006-0399 — Code Injection in Apple MAC OS X

CWE-94 — Code Injection7 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 26.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedMar 14

Latest updateMay 1

Description

Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDapple/mac_os_x6 versions+5

▶NVDapple/mac_os_x_server6 versions+5

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-73m4-w6c9-gpqf: Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10↗2022-05-01

▶

GHSA

GHSA-7f25-xcvg-54gm: Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10↗2022-05-01

▶

GHSA

GHSA-gwvq-c7xm-5vcr: Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10↗2022-05-01

▶

💬Community

Bugzilla

Multiple tar issues (CVE-2005-1918, CVE-2006-0300)↗2006-03-02

▶