Details of VAR-200506-0134

ID

VAR-200506-0134

CVE

CVE-2005-1473

TITLE

Apple Mac OS X Screen saver context menu access vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200506-108

DESCRIPTION

SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical access to bypass the locked screensaver and launch background applications by opening a URL from a text input field. Apple Mac OS X is susceptible to a screen saver contextual menu access vulnerability. This issue presents itself when a user locks their screen. When the screen saver prompts for the password when a user attempts to unlock the screen, contextual menus are available in the text-input fields. Attackers may be able to partially bypass locked-screen restrictions. This may allow attackers to cause inappropriate, incriminating, or otherwise unwanted Web sites to be displayed on targeted computers. It may also allow them to exploit other latent vulnerabilities in applications used to handle URIs, by opening malicious Web sites or network resources. An attacker could exploit this vulnerability to partially bypass lock screen restrictions, display inappropriate sites and launch background applications on the target machine

Trust: 1.26

sources: NVD: CVE-2005-1473 // BID: 13696 // VULHUB: VHN-12682

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.1	Trust: 1.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.4.1	Trust: 0.3

sources: BID: 13696 // CNNVD: CNNVD-200506-108 // NVD: CVE-2005-1473

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-1473
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200506-108
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-12682
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2005-1473
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-12682
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-12682 // CNNVD: CNNVD-200506-108 // NVD: CVE-2005-1473

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-1473

THREAT TYPE

local

Trust: 0.9

sources: BID: 13696 // CNNVD: CNNVD-200506-108

TYPE

Design Error

Trust: 0.9

sources: BID: 13696 // CNNVD: CNNVD-200506-108

EXTERNAL IDS

db:	NVD	id:	CVE-2005-1473	Trust: 2.0
db:	CNNVD	id:	CNNVD-200506-108	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2005-05-19	Trust: 0.6
db:	BID	id:	13696	Trust: 0.4
db:	VULHUB	id:	VHN-12682	Trust: 0.1

sources: VULHUB: VHN-12682 // BID: 13696 // CNNVD: CNNVD-200506-108 // NVD: CVE-2005-1473

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2005/may/msg00004.html	Trust: 1.7
url:	http://www.info.apple.com/usen/security/security_updates.html	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-12682 // BID: 13696 // CNNVD: CNNVD-200506-108 // NVD: CVE-2005-1473

CREDITS

Apple

Trust: 0.6

sources: CNNVD: CNNVD-200506-108

SOURCES

db:	VULHUB	id:	VHN-12682
db:	BID	id:	13696
db:	CNNVD	id:	CNNVD-200506-108
db:	NVD	id:	CVE-2005-1473

LAST UPDATE DATE

2024-08-14T13:40:12.957000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-12682	date:	2008-09-05T00:00:00
db:	BID	id:	13696	date:	2009-07-12T14:56:00
db:	CNNVD	id:	CNNVD-200506-108	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-1473	date:	2008-09-05T20:49:15.967

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-12682	date:	2005-06-13T00:00:00
db:	BID	id:	13696	date:	2005-05-20T00:00:00
db:	CNNVD	id:	CNNVD-200506-108	date:	2005-05-26T00:00:00
db:	NVD	id:	CVE-2005-1473	date:	2005-06-13T04:00:00