ID

VAR-200612-0014


CVE

CVE-2006-5681


TITLE

Apple Mac OS X Quicktime For Java Information Disclosure Vulnerability

Trust: 0.9

sources: BID: 21672 // CNNVD: CNNVD-200612-441

DESCRIPTION

QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects. Apple Mac OS X is prone to an information-disclosure vulnerability. Attackers may exploit this issue by convincing victims to visit a malicious website. If this tool is used in conjunction with Quartz Composer, it is possible to capture graphics containing local information.

----------------------------------------------------------------------

TITLE: Apple Mac OS X Quicktime/Quartz Composer Information Disclosure
SECUNIA ADVISORY ID: SA23438
VERIFY ADVISORY: http://secunia.com/advisories/23438/
CRITICAL: Less critical
IMPACT: Exposure of sensitive information
WHERE: From remote
OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/
DESCRIPTION: A vulnerability has been reported in Mac OS X, which can be exploited by malicious people to gain knowledge of sensitive information.
SOLUTION: Apply Security Update 2006-008.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Geoff Beier.
ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=304916

Trust: 2.07

sources: NVD: CVE-2006-5681 // JVNDB: JVNDB-2006-001479 // BID: 21672 // VULHUB: VHN-21789 // PACKETSTORM: 53130

AFFECTED PRODUCTS

vendor: apple, model: mac os x server, scope: eq, version: 10.4.7

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.4

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.4.3

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.4.2

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.4.8

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.4.5

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.4.6

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.4.1

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.4.4

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.4.8

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.4.5

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.4

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.4.4

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.4.7

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.4.2

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.4.1

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.4.3

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.4.6

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.4 to 10.4.8

Trust: 0.8

vendor: apple, model: mac os server, scope: eq, version: x10.4.8

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.8

Trust: 0.3

sources: BID: 21672 // JVNDB: JVNDB-2006-001479 // CNNVD: CNNVD-200612-441 // NVD: CVE-2006-5681

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-5681
value: LOW

Trust: 1.0

NVD: CVE-2006-5681
value: LOW

Trust: 0.8

CNNVD: CNNVD-200612-441
value: LOW

Trust: 0.6

VULHUB: VHN-21789
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2006-5681
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-21789
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-21789 // JVNDB: JVNDB-2006-001479 // CNNVD: CNNVD-200612-441 // NVD: CVE-2006-5681

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-5681

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200612-441

TYPE

Design Error

Trust: 0.9

sources: BID: 21672 // CNNVD: CNNVD-200612-441

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001479

PATCH

title: APPLE-SA-2006-12-19, url: http://lists.apple.com/archives/Security-announce/2006/Dec/msg00000.html

Trust: 0.8

sources: JVNDB: JVNDB-2006-001479

EXTERNAL IDS

db: NVD, id: CVE-2006-5681

Trust: 2.8

db: BID, id: 21672

Trust: 2.0

db: SECUNIA, id: 23438

Trust: 1.8

db: SECTRACK, id: 1017402

Trust: 1.7

db: OSVDB, id: 32380

Trust: 1.7

db: VUPEN, id: ADV-2006-5072

Trust: 1.7

db: JVNDB, id: JVNDB-2006-001479

Trust: 0.8

db: CNNVD, id: CNNVD-200612-441

Trust: 0.7

db: APPLE, id: APPLE-SA-2006-12-19

Trust: 0.6

db: VULHUB, id: VHN-21789

Trust: 0.1

db: PACKETSTORM, id: 53130

Trust: 0.1

sources: VULHUB: VHN-21789 // BID: 21672 // JVNDB: JVNDB-2006-001479 // PACKETSTORM: 53130 // CNNVD: CNNVD-200612-441 // NVD: CVE-2006-5681

REFERENCES

url:http://docs.info.apple.com/article.html?artnum=304916

Trust: 2.1

url:http://lists.apple.com/archives/security-announce/2006/dec/msg00000.html

Trust: 1.7

url:http://www.securityfocus.com/bid/21672

Trust: 1.7

url:http://www.osvdb.org/32380

Trust: 1.7

url:http://securitytracker.com/id?1017402

Trust: 1.7

url:http://secunia.com/advisories/23438

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/5072

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5681

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5681

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2006/5072

Trust: 0.6

url:http://software.cisco.com/download/navigator.html?mdfid=283613663

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/software_inspector/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/96/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/23438/

Trust: 0.1

sources: VULHUB: VHN-21789 // BID: 21672 // JVNDB: JVNDB-2006-001479 // PACKETSTORM: 53130 // CNNVD: CNNVD-200612-441 // NVD: CVE-2006-5681

CREDITS

Geoff Beier

Trust: 0.6

sources: CNNVD: CNNVD-200612-441

SOURCES

db: VULHUB, id: VHN-21789
db: BID, id: 21672
db: JVNDB, id: JVNDB-2006-001479
db: PACKETSTORM, id: 53130
db: CNNVD, id: CNNVD-200612-441
db: NVD, id: CVE-2006-5681

LAST UPDATE DATE

2025-04-10T23:24:27.312000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-21789, date: 2011-03-08T00:00:00
db: BID, id: 21672, date: 2006-12-19T23:17:00
db: JVNDB, id: JVNDB-2006-001479, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200612-441, date: 2006-12-20T00:00:00
db: NVD, id: CVE-2006-5681, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-21789, date: 2006-12-20T00:00:00
db: BID, id: 21672, date: 2006-12-19T00:00:00
db: JVNDB, id: JVNDB-2006-001479, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 53130, date: 2006-12-20T22:30:34
db: CNNVD, id: CNNVD-200612-441, date: 2006-12-19T00:00:00
db: NVD, id: CVE-2006-5681, date: 2006-12-20T02:28:00