Russian Vulnerability Scanner Database

Back to List

CVE-2006-0848

Scores

EPSS

0.788medium78.8%
0%20%40%60%80%100%

Percentile: 78.8%

CVSS

5.1medium2.0
0246810

CVSS Score: 5.1/10

All CVSS Scores

CVSS 2.0
5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Description

The “Open ‘safe’ files after downloading” option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

nvd

CWEs

CWE-16

Exploits

Exploit ID: 16866

Source: exploitdb

URL: https://www.exploit-db.com/exploits/16866

Vulnerable Software (2)

Type: Configuration

Vendor: *

Product: mac_os_x

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:...

Source: nvd

Type: Configuration

Vendor: *

Product: mac_os_x_server

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:...

Source: nvd

End of list