Signature Detail

Short Name	HTTP:MISC:MAC-COMM-EXEC
Severity	Medium
Recommended	No
Category	HTTP
Keywords	Apple Mac OS X Archive Metadata Command Execution
Release Date	2015/06/09
Update Number	2503
Supported Platforms	idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Apple Mac OS X Archive Metadata Command Execution

This signature detects attempts to exploit a known vulnerability against Apple MAC. A successful exploit can lead to remote command execution.

Extended Description

Apple Mac OS X is prone to an arbitrary command-execution vulnerability when processing metadata in archive files. Commands would be executed in the context of the user opening the archive file. Attackers can reportedly use Safari and Apple Mail as exploitation vectors for this vulnerability. Mac OS X 10.4.5 is reported to be vulnerable. Earlier versions may also be affected.

Affected Products

Apple Mac OS X 10.3.9
Apple Mac OS X 10.4.5
Apple Mac OS X Server 10.3.9
Apple Mac OS X Server 10.4.5

References

BugTraq: 16736
CVE: CVE-2006-0848

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Apple Mac OS X Archive Metadata Command Execution

Extended Description

Affected Products

References