ID

VAR-200505-0290


CVE

CVE-2005-1408


TITLE

Apple Keynote Local File Disclosure Vulnerability

Trust: 0.9

sources: BID: 13771 // CNNVD: CNNVD-200505-1207

DESCRIPTION

Apple Keynote 2.0 and 2.0.1 allow remote attackers to read arbitrary files via the keynote: URI handler in a crafted Keynote presentation.

----------------------------------------------------------------------
TITLE: Keynote Arbitrary File Retrieval Vulnerability
SECUNIA ADVISORY ID: SA15508
VERIFY ADVISORY: http://secunia.com/advisories/15508/
CRITICAL: Less critical
IMPACT: Exposure of system information, Exposure of sensitive information
WHERE: From remote
SOFTWARE: Apple Keynote 2.x http://secunia.com/product/5156/
DESCRIPTION: David Remahl has reported a vulnerability in Keynote, which can be exploited by malicious people to gain knowledge of sensitive information.
SOLUTION: Update to version 2.0.2. http://www.apple.com/iwork/keynote/download/
PROVIDED AND/OR DISCOVERED BY: David Remahl
ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=301713 David Remahl: http://remahl.se/david/vuln/016/
----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2005-1408 // BID: 13771 // VULHUB: VHN-12617 // PACKETSTORM: 37720

AFFECTED PRODUCTS

vendor: apple // model: keynote // scope: eq // version: 2.0.1

Trust: 1.9

vendor: apple // model: keynote // scope: eq // version: 2.0.0

Trust: 1.6

vendor: apple // model: keynote // scope: eq // version: 2.0

Trust: 0.9

vendor: apple // model: keynote // scope: ne // version: 2.0.2

Trust: 0.3

sources: BID: 13771 // CNNVD: CNNVD-200505-1207 // NVD: CVE-2005-1408

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-1408
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200505-1207
value: MEDIUM

Trust: 0.6

VULHUB: VHN-12617
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-1408
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-12617
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-12617 // CNNVD: CNNVD-200505-1207 // NVD: CVE-2005-1408

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-1408

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-1207

TYPE

Design Error

Trust: 0.9

sources: BID: 13771 // CNNVD: CNNVD-200505-1207

EXTERNAL IDS

db: NVD // id: CVE-2005-1408

Trust: 2.0

db: SECUNIA // id: 15508

Trust: 1.8

db: SECTRACK // id: 1014053

Trust: 1.7

db: CNNVD // id: CNNVD-200505-1207

Trust: 0.7

db: APPLE // id: APPLE-SA-2005-05-25

Trust: 0.6

db: BID // id: 13771

Trust: 0.4

db: VULHUB // id: VHN-12617

Trust: 0.1

db: PACKETSTORM // id: 37720

Trust: 0.1

sources: VULHUB: VHN-12617 // BID: 13771 // PACKETSTORM: 37720 // CNNVD: CNNVD-200505-1207 // NVD: CVE-2005-1408

REFERENCES

url:http://remahl.se/david/vuln/016/

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2005/may/msg00005.html

Trust: 1.7

url:http://securitytracker.com/id?1014053

Trust: 1.7

url:http://secunia.com/advisories/15508

Trust: 1.7

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/secunia_vacancies/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/5156/

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=301713

Trust: 0.1

url:http://secunia.com/advisories/15508/

Trust: 0.1

url:http://www.apple.com/iwork/keynote/download/

Trust: 0.1

sources: VULHUB: VHN-12617 // PACKETSTORM: 37720 // CNNVD: CNNVD-200505-1207 // NVD: CVE-2005-1408

CREDITS

Discovery is credited to David Remahl.

Trust: 0.9

sources: BID: 13771 // CNNVD: CNNVD-200505-1207

SOURCES

db: VULHUB // id: VHN-12617
db: BID // id: 13771
db: PACKETSTORM // id: 37720
db: CNNVD // id: CNNVD-200505-1207
db: NVD // id: CVE-2005-1408

LAST UPDATE DATE

2024-08-14T14:08:50.742000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-12617 // date: 2018-10-30T00:00:00
db: BID // id: 13771 // date: 2009-07-12T14:56:00
db: CNNVD // id: CNNVD-200505-1207 // date: 2005-10-20T00:00:00
db: NVD // id: CVE-2005-1408 // date: 2018-10-30T16:26:15.840

SOURCES RELEASE DATE

db: VULHUB // id: VHN-12617 // date: 2005-05-26T00:00:00
db: BID // id: 13771 // date: 2005-05-25T00:00:00
db: PACKETSTORM // id: 37720 // date: 2005-05-29T20:22:44
db: CNNVD // id: CNNVD-200505-1207 // date: 2005-05-26T00:00:00
db: NVD // id: CVE-2005-1408 // date: 2005-05-26T04:00:00