CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
93.5%
Apple Mac OS X fails to properly handle corrupted DMG image structures. The complete impact of this vulnerability is unclear, but may include execution of arbitrary code or denial of service.
A vulnerability in the way Mac OS X com.apple.AppleDiskImageController handles malformed DMG files could lead to a memory corruption.
We are aware of publicly available proof-of-concept code that demonstrates this vulnerability.
The complete impact of this vulnerability is unclear, but may include execution of arbitrary code or denial of service.
Upgrade
Apple has issued an upgrade to address this issue. See Apple Security Update 2007-003 for more details.
Disable Open “safe” files after downloading option
For instructions on how to disable the Open “safe” files after downloading option in Safari, please refer to the Safari section of the Securing Your Web Browser document.
Do not access** DMG files from untrusted sources**
Do not download DMG files from unknown or untrusted sources. Do not open unfamiliar or unexpected links, particularly those delivered in email messages. Please see Cyber Security Tip ST04-014.
367424
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: November 21, 2006 Updated: March 13, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://docs.info.apple.com/article.html?artnum=305214> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23367424 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This issue was reported in Month of Kernel Bugs MOKB-20-11-2006 by LMH.
This document was written by Chris Taschner.
CVE IDs: | CVE-2006-6061 |
---|---|
Severity Metric: | 15.99 Date Public: |