Vulnerabilities > Apple

DATE CVE VULNERABILITY TITLE RISK
2006-05-12 CVE-2006-2238 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted BMP file that triggers the overflow in the ReadBMP function.
network
low complexity
apple CWE-119
7.5
7.5
2006-05-12 CVE-2006-1457 Multiple vulnerability in Apple Mac OS X Security Update 2006-003
Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink.
network
high complexity
apple
2.6
2.6
2006-05-12 CVE-2006-1456 Multiple vulnerability in Apple Mac OS X Security Update 2006-003
Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted RTSP request, which is not properly handled during message logging.
network
low complexity
apple
7.5
7.5
2006-05-12 CVE-2006-1455 Multiple vulnerability in Apple Mac OS X Security Update 2006-003
QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference.
network
low complexity
apple
7.8
7.8
2006-05-12 CVE-2006-1452 Multiple vulnerability in Apple Mac OS X Security Update 2006-003
Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to 10.4.6 allows local users to execute arbitrary code via a deep directory hierarchy.
local
low complexity
apple
4.6
4.6
2006-05-12 CVE-2006-1451 Multiple vulnerability in Apple Mac OS X Security Update 2006-003
MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database.
local
low complexity
apple
7.2
7.2
2006-05-12 CVE-2006-1450 Multiple vulnerability in Apple Mac OS X Security Update 2006-003
Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via an enriched text e-mail message with "invalid color information" that causes Mail to allocate and initialize arbitrary classes.
network
low complexity
apple
7.5
7.5
2006-05-12 CVE-2006-1449 Multiple vulnerability in Apple Mac OS X Security Update 2006-003
Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted MacMIME encapsulated attachment.
network
low complexity
apple
7.5
7.5
2006-05-12 CVE-2006-1448 Multiple vulnerability in Apple Mac OS X Security Update 2006-003
Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted attackers to execute arbitrary code by tricking a user into launching an Internet Location item that appears to use a safe URL scheme, but which actually has a different and more risky scheme.
network
low complexity
apple
6.5
6.5
2006-05-12 CVE-2006-1447 Multiple vulnerability in Apple mac OS X 10.4.6
LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file.
network
low complexity
apple
5.0
5.0