Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-1985 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple MAC OS X

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

22.2%

top 4.19%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple MAC OS X Apple MAC OS X Server Apple Safari

Timeline

PublishedApr 21

Latest updateMay 1

Description

Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages3 packages

▶NVDapple/safari4 versions+3

▶NVDapple/mac_os_x17 versions+16

▶NVDapple/mac_os_x_server17 versions+16

Patches

Patch: lists.apple.com ↗Patch: secunia.com ↗Patch: www.security-protocols.com ↗

🔴Vulnerability Details

GHSA

GHSA-vfxp-4fv7-7wjm: Heap-based buffer overflow in BOM BOMArchiveHelper 10↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

NaviCOPA Web Server 2.01 - 'GET' Remote Buffer Overflow↗2006-09-27

▶

Exploit-DB

Ipswitch WS_FTP LE 5.08 - PASV Response Remote Buffer Overflow↗2006-09-20

▶

Exploit-DB

Texas Imperial Software WFTPD 3.23 - 'SIZE' Remote Buffer Overflow↗2006-08-21

▶

Exploit-DB

Microsoft Windows - CanonicalizePathName() Remote (MS06-040)↗2006-08-19

▶

Exploit-DB

eIQnetworks License Manager - Remote Buffer Overflow (multi) (1)↗2006-07-27

▶