CVE-2006-0400
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/03/2006
Last modified:
03/04/2025
Description
CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://docs.info.apple.com/article.html?artnum=303453
- http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html
- http://secunia.com/advisories/19129
- http://securitytracker.com/id?1015763=
- http://www.osvdb.org/23873
- http://www.securityfocus.com/bid/17082
- http://www.vupen.com/english/advisories/2006/0949
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25208
- http://docs.info.apple.com/article.html?artnum=303453
- http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html
- http://secunia.com/advisories/19129
- http://securitytracker.com/id?1015763=
- http://www.osvdb.org/23873
- http://www.securityfocus.com/bid/17082
- http://www.vupen.com/english/advisories/2006/0949
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25208