Lucene search

MitreCVE-2007-6165

HistoryNov 29, 2007 - 1:46 a.m.

CVE-2007-6165

2007-11-2901:46:00

CWE-264

CWE-20

mitre

web.nvd.nist.gov

cve-2007-6165

apple mac os x leopard

user-assisted

remote attackers

arbitrary code execution

appledouble attachment

security vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

9.3

Confidence

High

EPSS

0.117

Percentile

95.4%

JSON

Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395.

Affected configurations

Nvd

Node

applemac_os_xMatch10.5

VendorProductVersionCPE
applemac_os_x10.5cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	mac_os_x	10.5	cpe:2.3:o:apple:mac_os_x:10.5:::::::*

References

docs.info.apple.com/article.html?artnum=307179

lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

secunia.com/advisories/27785

secunia.com/advisories/28136

securitytracker.com/id?1019106

www.heise-security.co.uk/news/99257

www.kb.cert.org/vuls/id/433819

www.securityfocus.com/bid/26510

www.us-cert.gov/cas/techalerts/TA07-352A.html

www.vupen.com/english/advisories/2007/3958

www.vupen.com/english/advisories/2007/4238

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

9.3

Confidence

High

EPSS

0.117

Percentile

95.4%

JSON

Related for CVE-2007-6165