{"vuid":"VU#566132","idnumber":"566132","name":"Apple Mac OS X WebKit may allow code execution when visiting a malicious website","keywords":["Apple","Mac OS X","WebKit","arbitrary code execution","malicious website","deallocated object","apple-2006-004"],"overview":"A vulnerability in Apple Mac OS X WebKit may allow an attacker to execute arbitrary code on an affected system.","clean_desc":"WebKit\nFrom the OpenDarwin WebKit project description, WebKit is an open source web browser engine. WebKit is also the name of the Mac OS X system framework version of the engine that's used by Safari, Dashboard, Mail, and many other OS X applications. The Problem\nPer Apple, an attacker may be able to create a specially crafted HTML document that could cause a previously deallocated object to be accessed.","impact":"By convincing a user to view a specially crafted web page or HTML file, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user or crash the program that opened the malicious document.","resolution":"Upgrade\nApple has addressed this issue in Security Update 2006-004. Refer to Apple's Security Update site for more information.","workarounds":"Do not Open Untrusted Links Do not open or follow untrusted hyperlinks. Refer to the National Cyber Security Alliance's document \"Stay Safe Online\" for more information on opening unknown hyperlinks.","sysaffected":"","thanks":"Thanks to Apple Product Security for reporting this vulnerability. \nApple in turn thanks Jesse Ruderman of the Mozilla Corporation.","author":"This document was written by Ryan Giobbi.","public":["http://secunia.com/advisories/21253/","http://docs.info.apple.com/article.html?artnum=304063"],"cveids":["CVE-2006-3505"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-08-02T12:58:15Z","publicdate":"2006-08-01T00:00:00Z","datefirstpublished":"2006-08-02T16:44:11Z","dateupdated":"2006-08-02T18:10:13Z","revision":32,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"11","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"10","cam_impact":"6","cam_easeofexploitation":"8","cam_attackeraccessrequired":"13","cam_scorecurrent":"1.638","cam_scorecurrentwidelyknown":"2.691","cam_scorecurrentwidelyknownexploited":"5.031","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.638,"vulnote":null}