Skip to main content

Configuration

CVE-2006-0848

Severity Medium
Score 5.1/10

Summary

The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.

  • HIGH
  • NETWORK
  • NONE
  • PARTIAL
  • PARTIAL
  • PARTIAL

CWE-16 - Configuration

Weaknesses in this category are typically introduced during the configuration of the software.

References

Advisory Timeline

  • Published