9.3

CVE-2007-6165

Exploit
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed.  NOTE: this is a regression error related to CVE-2006-0395.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApplemacOS X Version10.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 44.75% 0.986
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://docs.info.apple.com/article.html?artnum=307179
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
http://secunia.com/advisories/28136
Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
US Government Resource
http://www.vupen.com/english/advisories/2007/4238
Vendor Advisory
http://secunia.com/advisories/27785
Vendor Advisory
http://securitytracker.com/id?1019106
http://www.heise-security.co.uk/news/99257
Vendor Advisory
http://www.kb.cert.org/vuls/id/433819
US Government Resource
http://www.securityfocus.com/bid/26510
Exploit
http://www.vupen.com/english/advisories/2007/3958
Vendor Advisory