CVE-2006-0406

Current Description

CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."

Basic Data

PublishedMarch 14, 2006
Last ModifiedJuly 20, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSAppleMac Os X10.4*******
    2.3OSAppleMac Os X10.4.1*******
    2.3OSAppleMac Os X10.4.2*******
    2.3OSAppleMac Os X10.4.3*******
    2.3OSAppleMac Os X10.4.4*******
    2.3OSAppleMac Os X10.4.5*******
    2.3OSAppleMac Os X Server10.4*******
    2.3OSAppleMac Os X Server10.4.1*******
    2.3OSAppleMac Os X Server10.4.2*******
    2.3OSAppleMac Os X Server10.4.3*******
    2.3OSAppleMac Os X Server10.4.4*******
    2.3OSAppleMac Os X Server10.4.5*******

Vulnerable Software List

VendorProductVersions
Apple Mac Os X Server 10.4, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5
Apple Mac Os X 10.4, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5

References

NameSourceURLTags
http://docs.info.apple.com/article.html?artnum=303453http://docs.info.apple.com/article.html?artnum=303453CONFIRM
APPLE-SA-2006-03-13http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.htmlAPPLE
19129http://secunia.com/advisories/19129SECUNIAPatch Vendor Advisory
1015763http://securitytracker.com/id?1015763SECTRACK
23873http://www.osvdb.org/23873OSVDB
17082http://www.securityfocus.com/bid/17082BIDPatch
ADV-2006-0949http://www.vupen.com/english/advisories/2006/0949VUPEN
macosx-sameorigin-policy-bypass(25208)https://exchange.xforce.ibmcloud.com/vulnerabilities/25208XF