Vulnerabilities > CVE-2006-5681 - Information Disclosure vulnerability in Apple Mac OS X Quicktime For Java

047910
CVSS 2.6 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
high complexity
apple
nessus
NVD
Published: 2006-12-20
Updated: 2011-03-08

Summary

QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects. Successful exploitation requires that the affected products are used in conjunction with Quartz Composer.

Vulnerable Configurations

Part Description Count
OS
Apple
18

Nessus

NASL familyMacOS X Local Security Checks
NASL idMACOSX_SECUPD2006-008.NASL
descriptionThe remote host is running a version of Mac OS X 10.4 that does not have Security Update 2006-008 applied. This update fixes a flaw in QuickTime that may allow a rogue website to obtain the images rendered on the user screen. By combining this flaw with Quartz Composer, an attacker may be able to obtain screen shots of the remote host.
last seen2019-10-28
modified2006-12-20
plugin id23926
published2006-12-20
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/23926
titleMac OS X Security Update 2006-008
code
#TRUSTED a1474f6b7a39d522d061179b27f6d0bf2df02b819d80fcfbb04782d7cd5acf7fcbc570b93b77b405f9ece3604a67d23a42b694b98d31c6508ecc81e0499a84a676a7c9f74160d32d8d3c2a4c025790fc3cc4c9a1327facc48438e8d071d14b032fa583f87ff7c0915e49b7f643fed24cf961dcb7b10527b4b47e454a67a70cb7a7ee5ad23e5a57fb09d713de4d61d881a8c0df0c37351c7e2829bc5a08acf7a27638cb12f674a8567878220fe6c5550b60a7b04ed9ca05b82ab0b6064537b5c6c1132a7954408f9e2a5c96ce7088db56e6b015179ae5e2ab81f5b7f94e6e663af8ad1249bd5d3be56e78dbe1504b3376a5e9a92dc3f6e185103be1a898ab576482773a4bdc7cd7112c75af1df4dc9e736df10f583e2624e2beb216b34ccabf7dbaa05c808ae81220952daed5626065ee4c6f233be7591b1853468c597cfe553a8f878b40380d9a60a5ba6c54bd21b7d7b752a804d65738da4f8bf5d8cf033abd79967dff93b3da54cfb7243515201b74f944b8abf3b2a06d2f4b86db5c91c1b0b9462704e2d511cbb5936a16bcb4878c60572042a05e1955ee19863d1d1b6cc6e33e5baa7e4379b753b2cebf555c4f1a24188399ccdf42cc409a9a3bff447ad88588bbaeb3b17638b03d813dfca67203ba2e17c1a032ac197fc7dbb4f64c03063a86c0950a5a6c903fd71c621162342c6dc423c187552b1b9acb7f0808eae9e3
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(23926);
 script_version("1.17");
 script_set_attribute(attribute:"plugin_modification_date", value: "2018/07/14");

 script_cve_id("CVE-2006-5681");
 script_bugtraq_id(21672);

 script_name(english:"Mac OS X Security Update 2006-008");
 script_summary(english:"Check for the presence of SecUpdate 2006-008");

 script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a Mac OS X update that fixes a security
issue.");
 script_set_attribute(attribute:"description", value:
"The remote host is running a version of Mac OS X 10.4 that does not
have Security Update 2006-008 applied. 

This update fixes a flaw in QuickTime that may allow a rogue website to
obtain the images rendered on the user screen.  By combining this flaw
with Quartz Composer, an attacker may be able to obtain screen shots of
the remote host.");
 script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=304916");
 script_set_attribute(attribute:"solution", value:
"Install the security update 2006-008 :

http://www.apple.com/support/downloads/securityupdate2006008universal.html
http://www.apple.com/support/downloads/securityupdate2006008ppc.html");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/19");
 script_set_attribute(attribute:"patch_publication_date", value:"2006/12/17");
 script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/20");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
 script_family(english:"MacOS X Local Security Checks");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}

include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");


if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

# Look at the exact version of QuartzComposer
cmd = GetBundleVersionCmd(file:"QuartzComposer.component", path:"/System/Library/Quicktime", long:TRUE);

if ( islocalhost() )
 buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
else
{
 ret = ssh_open_connection();
 if ( ! ret ) exit(0);
 buf = ssh_cmd(cmd:cmd);
 ssh_close_connection();
}

if ( buf !~ "^[0-9]" ) exit(0);

buf = chomp(buf);

set_kb_item(name:"MacOSX/QuickTimeQuartzComposer/Version", value:buf);

version = split(buf, sep:'.', keep:FALSE);

if (( int(version[0]) == 22 && int(version[1]) < 1 ) ||
    ( int(version[0]) == 22 && int(version[1]) == 1 && int(version[2]) < 3 ) ) security_note( 0 );

References