CVSS2
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS Percentile: 100.0%
Added: 02/24/2006
CVE: CVE-2006-0848
BID: 16736
OSVDB: 23366
The Safari web browser supports explicit binding, which allows a file to override the default application for its file type. Safe files are files such as pictures, movies, and archives which are opened automatically when downloaded.
Safari does not check for explicit binding before opening a file it believes is safe. This could allow the automatic execution of shell scripts contained within a specially crafted archive file.
Disable the "Open safe files after downloading" option in Safari.
<http://www.kb.cert.org/vuls/id/999708>
This exploit requires a user to follow a link to it. The exploit works on Mac OS X 10.4.
Mac OS 10.4