BROWSER-WEBKIT -- Snort has detected traffic known to exploit vulnerabilities present in the Webkit browser engine (aside from Chrome) this includes Apple’s Safari, RIM’s mobile browser, Nokia, KDE, Webkit itself, and Palm. Attacks often insert code via exploits, cause webkit renderings in the browser to crash, or otherwise create chaos or exploit for entrance.
BROWSER-WEBKIT Apple Safari x-unix-mode executable mail attachment
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension. Impact: CVSS base score 5.1 CVSS impact score 6.4 CVSS exploitability score 4.9 confidentialityImpact PARTIAL integrityImpact PARTIAL availabilityImpact PARTIAL Details: Ease of Attack:
No information provided
No public information
No known false positives
Talos research team. This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology. For more information see [nvd].
No rule groups
CVE-2006-0848 |
Loading description
|