SAINT Corporation, SAINT:186CC82BEADAD1E59B3193CDEEA73E73
Feb 24, 2006 - 12:00 a.m.

Safari archive metadata command execution

2006-02-24 00:00:00
SAINT Corporation
www.saintcorporation.com

EPSS: 0.975 (percentile: 100.0%)

Added: 02/24/2006
CVE: CVE-2006-0848
BID: 16736
OSVDB: 23366

Background

The Safari web browser supports explicit binding, which allows a file to override the default application for its file type. Safe files are files such as pictures, movies, and archives which are opened automatically when downloaded.

Problem

Safari does not check for explicit binding before opening a file it believes is safe. This could allow the automatic execution of shell scripts contained within a specially crafted archive file.

Resolution

Disable Safari's "Open 'safe' files after downloading" option.
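
For archives that still have to be handled (for example at a mail or download gateway), the condition described under Problem can be screened for: an archive entry named like a picture or movie whose content is actually a script. The following is an added example, not SAINT's code; the extension list, the function names and the sample archive are constructed assumptions, and the `__MACOSX/` check only reports that per-file metadata accompanies the entry.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: extensions a browser might auto-open as "safe" media.
SAFE_MEDIA_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".mov", ".mp4"}
# Mac OS X zip tools keep per-file metadata in "__MACOSX/<dir>/._<name>" entries.
SIDECAR_DIR = "__MACOSX/"


def scan_archive(data):
    """Flag media-named zip entries whose content starts with a script shebang."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        for info in zf.infolist():
            path = PurePosixPath(info.filename)
            if info.is_dir() or info.filename.startswith(SIDECAR_DIR):
                continue
            if path.suffix.lower() not in SAFE_MEDIA_EXTS:
                continue
            with zf.open(info) as fh:
                if fh.read(2) != b"#!":
                    continue  # content is not a script; nothing to flag
            sidecar = SIDECAR_DIR + str(path.parent / ("._" + path.name))
            findings.append({
                "entry": info.filename,
                "has_metadata_sidecar": sidecar in names,
            })
    return findings


def build_sample():
    """Constructed, harmless archive: one JPEG-like file, one mislabeled script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        zf.writestr("clips/intro.mov", b"#!/bin/sh\necho constructed sample\n")
        # Placeholder bytes only; this is not real binding metadata.
        zf.writestr("__MACOSX/clips/._intro.mov", b"placeholder")
        zf.writestr("tools/build.sh", b"#!/bin/sh\necho ok\n")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_archive(build_sample()):
        print("suspicious:", f["entry"], "metadata sidecar:", f["has_metadata_sidecar"])
```

A script with an honest extension (`tools/build.sh` in the sample) is not flagged; only the mismatch between a media name and script content is.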

References

<http://www.kb.cert.org/vuls/id/999708>

Limitations

This exploit requires a user to follow a link to the exploit. The exploit works on Mac OS X 10.4.

Platforms

Mac OS 10.4
