Vulnerability Details : CVE-2006-3504
The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.
Products affected by CVE-2006-3504
- cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3504
0.42%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 59 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-3504
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST |
References for CVE-2006-3504
-
http://secunia.com/advisories/21253
About Secunia Research | Flexera
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/28146
-
http://www.us-cert.gov/cas/techalerts/TA06-214A.html
Page Not Found | CISAUS Government Resource
-
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
Apple - Lists.apple.com
-
http://www.securityfocus.com/bid/19289
-
http://www.vupen.com/english/advisories/2006/3101
Site en construction
-
http://www.osvdb.org/27743
Jump to