Secunia Security Advisory - A vulnerability has been reported in Apple Mail, which can be exploited by malicious people to compromise a user's system.
9ea4357436b8e616f367d79ddb64cb678074b73bd3603b0d48f4a5f64446a951
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple Mail Command Execution Vulnerability
SECUNIA ADVISORY ID:
SA27785
VERIFY ADVISORY:
http://secunia.com/advisories/27785/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
A vulnerability has been reported in Apple Mail, which can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the handling of unsafe
file types in email attachments. This can be exploited via a specially
crafted email containing an attachment of an ostensibly safe file type
(e.g. ".jpg") to execute arbitrary shell commands when the attachment
is double-clicked.
This is related to vulnerability #8 in:
SA19064
The vulnerability is reported in Apple Mail included in Apple Mac OS
X 10.5 (Leopard).
SOLUTION:
Do not open attachments from untrusted sources.
PROVIDED AND/OR DISCOVERED BY:
Originally discovered in Mac OS X 10.4 and reported in Apple Mac OS X
10.5 by heise Security.
ORIGINAL ADVISORY:
http://www.heise-security.co.uk/news/99257
OTHER REFERENCES:
SA19064:
http://secunia.com/advisories/19064/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed