ID

VAR-200603-0271


CVE

CVE-2006-0400


TITLE

Apple Mail buffer overflow vulnerability

Trust: 0.8

sources: CERT/CC: VU#980084

DESCRIPTION

CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute JavaScript in other domains via unknown vectors involving "crafted archives." Apple Mail contains a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Apple Safari is susceptible to a same-origin policy violation. This issue is due to the application's failure to properly enforce same-origin policy for JavaScript remote data access. An attacker may create a malicious webpage that can access the properties of another domain. This may lead to disclosure of sensitive information or may facilitate other attacks against a user of the browser. Safari is a web browser bundled with Apple's family of operating systems. But under certain circumstances, a maliciously crafted document can bypass these restrictions and execute arbitrary code in the user's browser.

Trust: 2.7

sources: NVD: CVE-2006-0400 // CERT/CC: VU#980084 // JVNDB: JVNDB-2006-003847 // BID: 17082 // VULHUB: VHN-16508

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.4.2

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.4.5

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.4

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.4.3

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.4.4

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.4.2

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.4.1

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.4.1

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.4.4

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.4

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.4.5

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.4.3

Trust: 1.0

vendor: apple computer, model: -, scope: -, version: -

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.4 to 10.4.5

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: 10.4 to 10.4.5

Trust: 0.8

vendor: apple, model: mac os server, scope: eq, version: x10.4.5

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4

Trust: 0.3

sources: CERT/CC: VU#980084 // BID: 17082 // JVNDB: JVNDB-2006-003847 // CNNVD: CNNVD-200603-244 // NVD: CVE-2006-0400

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0400
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#980084
value: 6.63

Trust: 0.8

NVD: CVE-2006-0400
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200603-244
value: HIGH

Trust: 0.6

VULHUB: VHN-16508
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-0400
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-16508
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#980084 // VULHUB: VHN-16508 // JVNDB: JVNDB-2006-003847 // CNNVD: CNNVD-200603-244 // NVD: CVE-2006-0400

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0400

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200603-244

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200603-244

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-003847

PATCH

title: 17082, url: http://www.securityfocus.com/bid/17082

Trust: 0.8

title: 19129, url: http://secunia.com/advisories/19129

Trust: 0.8

title: article, url: http://docs.info.apple.com/article.html?artnum=303453

Trust: 0.8

sources: JVNDB: JVNDB-2006-003847

EXTERNAL IDS

db: NVD, id: CVE-2006-0400

Trust: 2.8

db: SECUNIA, id: 19129

Trust: 2.5

db: BID, id: 17082

Trust: 2.0

db: OSVDB, id: 23873

Trust: 1.7

db: SECTRACK, id: 1015763

Trust: 1.7

db: VUPEN, id: ADV-2006-0949

Trust: 1.7

db: CERT/CC, id: VU#980084

Trust: 0.8

db: JVNDB, id: JVNDB-2006-003847

Trust: 0.8

db: CNNVD, id: CNNVD-200603-244

Trust: 0.7

db: XF, id: 25208

Trust: 0.6

db: APPLE, id: APPLE-SA-2006-03-13

Trust: 0.6

db: VULHUB, id: VHN-16508

Trust: 0.1

sources: CERT/CC: VU#980084 // VULHUB: VHN-16508 // BID: 17082 // JVNDB: JVNDB-2006-003847 // CNNVD: CNNVD-200603-244 // NVD: CVE-2006-0400

REFERENCES

url:http://docs.info.apple.com/article.html?artnum=303453

Trust: 2.8

url:http://lists.apple.com/archives/security-announce/2006/mar/msg00001.html

Trust: 1.7

url:http://www.securityfocus.com/bid/17082

Trust: 1.7

url:http://www.osvdb.org/23873

Trust: 1.7

url:http://securitytracker.com/id?1015763

Trust: 1.7

url:http://secunia.com/advisories/19129

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/0949

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/25208

Trust: 1.1

url:http://www.digitalmunition.com/dma[2006-0313a].txt

Trust: 0.8

url:http://secunia.com/advisories/19129/

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0400

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-0400

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2006/0949

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/25208

Trust: 0.6

url:http://www.apple.com/safari/

Trust: 0.3

sources: CERT/CC: VU#980084 // VULHUB: VHN-16508 // BID: 17082 // JVNDB: JVNDB-2006-003847 // CNNVD: CNNVD-200603-244 // NVD: CVE-2006-0400

CREDITS

Apple

Trust: 0.6

sources: CNNVD: CNNVD-200603-244

SOURCES

db: CERT/CC, id: VU#980084
db: VULHUB, id: VHN-16508
db: BID, id: 17082
db: JVNDB, id: JVNDB-2006-003847
db: CNNVD, id: CNNVD-200603-244
db: NVD, id: CVE-2006-0400

LAST UPDATE DATE

2024-08-14T12:09:37.552000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#980084, date: 2006-03-29T00:00:00
db: VULHUB, id: VHN-16508, date: 2017-07-20T00:00:00
db: BID, id: 17082, date: 2006-03-14T21:05:00
db: JVNDB, id: JVNDB-2006-003847, date: 2014-03-11T00:00:00
db: CNNVD, id: CNNVD-200603-244, date: 2006-03-15T00:00:00
db: NVD, id: CVE-2006-0400, date: 2017-07-20T01:29:43.927

SOURCES RELEASE DATE

db: CERT/CC, id: VU#980084, date: 2006-03-17T00:00:00
db: VULHUB, id: VHN-16508, date: 2006-03-14T00:00:00
db: BID, id: 17082, date: 2006-03-13T00:00:00
db: JVNDB, id: JVNDB-2006-003847, date: 2014-03-11T00:00:00
db: CNNVD, id: CNNVD-200603-244, date: 2006-03-14T00:00:00
db: NVD, id: CVE-2006-0400, date: 2006-03-14T11:02:00