发布时间 :2006-08-02 21:04:00
修订时间 :2017-07-19 21:32:21

[原文]The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.

[CNNVD]Apple Mac OS Safari JavaScript代码绕过漏洞(CNNVD-200608-046)

        Apple Mac OS X是苹果家族机器所使用的操作系统。
        最新的Mac OS X更新修复了多个漏洞,具体如下:

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/o:apple:mac_os_x_server:10.4.7Apple Mac OS X Server 10.4.7
cpe:/o:apple:mac_os_x:10.4.7Apple Mac OS X 10.4.7

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BID  19289
(UNKNOWN)  VUPEN  ADV-2006-3101
(UNKNOWN)  XF  macosx-launchservices-script-execution(28146)

- 漏洞信息

Apple Mac OS Safari JavaScript代码绕过漏洞
中危 资料不足
2006-08-02 00:00:00 2006-08-09 00:00:00
        Apple Mac OS X是苹果家族机器所使用的操作系统。
        最新的Mac OS X更新修复了多个漏洞,具体如下:

- 公告与补丁

        Apple Mac OS X Server 10.3.9
        Apple SecUpdSrvr2006-004Pan.dmg 1&platform=osx&method=sa/SecUpdSrvr2006-004Pan.dmg
        Apple Mac OS X 10.3.9
        Apple SecUpd2006-004Pan.dmg 1&platform=osx&method=sa/SecUpd2006-004Pan.dmg
        Apple Mac OS X 10.4.7
        Apple SecUpd2006-004Intel.dmg 1&platform=osx&method=sa/SecUpd2006-004Intel.dmg

- 漏洞信息

Apple Mac OS X LaunchServices Download Validation Bypass
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- 漏洞描述

Mac OS X contains a flaw that may allow a malicious user to execute arbitrary Javascript code. The issue is triggered when LaunchServices identifies certain HTML files as "safe," and Safari's "open 'safe' files after downloading" option is enabled, which may allow Javascript code in the file to run locally and bypass restrictions placed on remote code. It is possible that the flaw may allow arbitrary Javascript code execution resulting in a loss of integrity.

- 时间线

2006-07-14 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (Security Update 2006-004) to address this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete