Vulnerability Details : CVE-2006-0848
Public exploit exists!
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.
Exploit prediction scoring system (EPSS) score for CVE-2006-0848
Probability of exploitation activity in the next 30 days: 97.47%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 %
Metasploit modules for CVE-2006-0848
- Safari Archive Metadata Command Execution
  Disclosure Date: 2006-02-21
  First seen: 2020-04-26
  exploit/osx/browser/safari_metadata_archive
  This module exploits a vulnerability in Safari's "Safe file" feature, which will automatically open any file with one of the allowed extensions. This can be abused by supplying a zip file, containing a shell script, with a metafile indicating that the file should b
CVSS scores for CVE-2006-0848
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
| 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P | 4.9 | 6.4 | NIST |
CWE ids for CVE-2006-0848
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-0848
- http://www.securityfocus.com/bid/16736
  Apple Mac OS X Archive Metadata Command Execution Vulnerability
  Exploit
- http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php
  Exploit; Vendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA06-053A.html
  Third Party Advisory; US Government Resource
- http://www.kb.cert.org/vuls/id/999708
  Third Party Advisory; US Government Resource
- http://docs.info.apple.com/article.html?artnum=303382
- http://www.vupen.com/english/advisories/2006/0671
  Vendor Advisory
- http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html
- http://www.heise.de/english/newsticker/news/69862
- http://www.us-cert.gov/cas/techalerts/TA06-062A.html
  US Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24808
- http://securitytracker.com/id?1015652
  Exploit
Products affected by CVE-2006-0848
- cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*