CVE-2006-3504

Published: Aug 3, 2006Modified: Apr 16, 2026

5.1

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 4.9 / Impact: 6.4

Source: NVD

Description

The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.

Affected (2)

Products: Apple: Mac Os X, Mac Os X Server

2 products

Mac Os X Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Version 10.4.7
Apple Mac Os X Server	Version 10.4.7

References (14)

http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html

Source: cve@mitre.org

http://secunia.com/advisories/21253

Source: cve@mitre.org

http://www.osvdb.org/27743

Source: cve@mitre.org

http://www.securityfocus.com/bid/19289

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA06-214A.html

Source: cve@mitre.org

US Government Resource

http://www.vupen.com/english/advisories/2006/3101

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/28146

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21253

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/27743

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/19289

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA06-214A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2006/3101

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/28146

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.