Lucene search

K
cve[email protected]CVE-2006-3504
HistoryAug 03, 2006 - 1:04 a.m.

CVE-2006-3504

2006-08-0301:04:00
NVD-CWE-Other
web.nvd.nist.gov
19
cve-2006-3504
download validation
launchservices
apple
mac os x 10.4.7
safari
javascript
security vulnerability

6.6 Medium

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.9%

The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as “safe”, which could allow attackers to execute Javascript code in local context when the “Open ‘safe’ files after downloading” option is enabled in Safari.

6.6 Medium

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.9%

Related for CVE-2006-3504