ID

VAR-200603-0271


CVE

CVE-2006-0400


TITLE

Apple Mail buffer overflow vulnerability

Trust: 0.8

sources: CERT/CC: VU#980084

DESCRIPTION

CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives.". Apple Mail contains a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Apple Safari is susceptible to a same-origin policy violation. This issue is due to the application's failure to properly enforce same-origin policy for JavaScript remote data access. An attacker may create a malicious webpage that can access the properties of another domain. This may lead to disclosure of sensitive information or may facilitate other attacks against a user of the browser. Safari is a WEB browser bundled with Apple's family of operating systems. But under certain circumstances, a maliciously crafted document can bypass these restrictions and execute arbitrary code in the user's browser

Trust: 2.7

sources: NVD: CVE-2006-0400 // CERT/CC: VU#980084 // JVNDB: JVNDB-2006-003847 // BID: 17082 // VULHUB: VHN-16508

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.4.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.5

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.5

Trust: 1.0

vendor:apple computermodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.4 to 10.4.5

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:10.4 to 10.4.5

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.3

sources: CERT/CC: VU#980084 // BID: 17082 // JVNDB: JVNDB-2006-003847 // CNNVD: CNNVD-200603-244 // NVD: CVE-2006-0400

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0400
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#980084
value: 6.63

Trust: 0.8

NVD: CVE-2006-0400
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200603-244
value: HIGH

Trust: 0.6

VULHUB: VHN-16508
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-0400
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-16508
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#980084 // VULHUB: VHN-16508 // JVNDB: JVNDB-2006-003847 // CNNVD: CNNVD-200603-244 // NVD: CVE-2006-0400

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0400

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200603-244

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200603-244

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-003847

PATCH

title:17082url:http://www.securityfocus.com/bid/17082

Trust: 0.8

title:19129url:http://secunia.com/advisories/19129

Trust: 0.8

title:articleurl:http://docs.info.apple.com/article.html?artnum=303453

Trust: 0.8

sources: JVNDB: JVNDB-2006-003847

EXTERNAL IDS

db:NVDid:CVE-2006-0400

Trust: 2.8

db:SECUNIAid:19129

Trust: 2.5

db:BIDid:17082

Trust: 2.0

db:OSVDBid:23873

Trust: 1.7

db:SECTRACKid:1015763

Trust: 1.7

db:VUPENid:ADV-2006-0949

Trust: 1.7

db:CERT/CCid:VU#980084

Trust: 0.8

db:JVNDBid:JVNDB-2006-003847

Trust: 0.8

db:CNNVDid:CNNVD-200603-244

Trust: 0.7

db:XFid:25208

Trust: 0.6

db:APPLEid:APPLE-SA-2006-03-13

Trust: 0.6

db:VULHUBid:VHN-16508

Trust: 0.1

sources: CERT/CC: VU#980084 // VULHUB: VHN-16508 // BID: 17082 // JVNDB: JVNDB-2006-003847 // CNNVD: CNNVD-200603-244 // NVD: CVE-2006-0400

REFERENCES

url:http://docs.info.apple.com/article.html?artnum=303453

Trust: 2.8

url:http://lists.apple.com/archives/security-announce/2006/mar/msg00001.html

Trust: 1.7

url:http://www.securityfocus.com/bid/17082

Trust: 1.7

url:http://www.osvdb.org/23873

Trust: 1.7

url:http://securitytracker.com/id?1015763

Trust: 1.7

url:http://secunia.com/advisories/19129

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/0949

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/25208

Trust: 1.1

url:http://www.digitalmunition.com/dma[2006-0313a].txt

Trust: 0.8

url:http://secunia.com/advisories/19129/

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0400

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-0400

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2006/0949

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/25208

Trust: 0.6

url:http://www.apple.com/safari/

Trust: 0.3

sources: CERT/CC: VU#980084 // VULHUB: VHN-16508 // BID: 17082 // JVNDB: JVNDB-2006-003847 // CNNVD: CNNVD-200603-244 // NVD: CVE-2006-0400

CREDITS

Apple

Trust: 0.6

sources: CNNVD: CNNVD-200603-244

SOURCES

db:CERT/CCid:VU#980084
db:VULHUBid:VHN-16508
db:BIDid:17082
db:JVNDBid:JVNDB-2006-003847
db:CNNVDid:CNNVD-200603-244
db:NVDid:CVE-2006-0400

LAST UPDATE DATE

2024-11-23T21:10:34.069000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#980084date:2006-03-29T00:00:00
db:VULHUBid:VHN-16508date:2017-07-20T00:00:00
db:BIDid:17082date:2006-03-14T21:05:00
db:JVNDBid:JVNDB-2006-003847date:2014-03-11T00:00:00
db:CNNVDid:CNNVD-200603-244date:2006-03-15T00:00:00
db:NVDid:CVE-2006-0400date:2024-11-21T00:06:22.477

SOURCES RELEASE DATE

db:CERT/CCid:VU#980084date:2006-03-17T00:00:00
db:VULHUBid:VHN-16508date:2006-03-14T00:00:00
db:BIDid:17082date:2006-03-13T00:00:00
db:JVNDBid:JVNDB-2006-003847date:2014-03-11T00:00:00
db:CNNVDid:CNNVD-200603-244date:2006-03-14T00:00:00
db:NVDid:CVE-2006-0400date:2006-03-14T11:02:00