{"vuid":"VU#980084","idnumber":"980084","name":"Apple Mail buffer overflow vulnerability","keywords":["Apple","Mac OS X","buffer overflow","Real Name entry","arbitrary code execution","double-clicking","attachment","privilege escalation","AppleDouble header"],"overview":"Apple Mail contains a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system.","clean_desc":"Apple Mail Mac OS X includes the Mail application (Mail.app) for handling electronic mail. The Problem Apple Mail contains a buffer overflow caused by lack of validation on MIME encapsulted files. The buffer overflow may be triggered when an email message with a specially crafted attachment is opened with Mail. Considerations According to public reports this vulnerability is introduced by Apple Security Update 2006-001. Exploit code for this vulnerability is publicly available.","impact":"By convincing a user to open a specially crafted attachment, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user running Mail.","resolution":"Install an update \nThis issue is corrected in Apple Security Update 2006-002.","workarounds":"Do not open attachments from untrusted sources To protect against Only open email attachemnts from trusted or known sources.","sysaffected":"","thanks":"This vulnerability was reported by Kevin Finisterre.","author":"This document was written by Jeff Gennari.","public":["http://www.digitalmunition.com/DMA[2006-0313a].txt","http://docs.info.apple.com/article.html?artnum=303453","http://secunia.com/advisories/19129/"],"cveids":["CVE-2006-0396"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-03-14T20:58:28Z","publicdate":"2006-03-13T00:00:00Z","datefirstpublished":"2006-03-17T13:06:42Z","dateupdated":"2006-03-29T12:44:31Z","revision":21,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"15","cam_impact":"17","cam_easeofexploitation":"11","cam_attackeraccessrequired":"7","cam_scorecurrent":"6.6268125","cam_scorecurrentwidelyknown":"8.46759375","cam_scorecurrentwidelyknownexploited":"15.83071875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.6268125,"vulnote":null}