CVE-2005-1723 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to the database of unsafe types, which could allow attackers to bypass intended restrictions.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Apple	Mac Os X Server	10.4

References

http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.htmlPatchVendor Advisory
http://securitytracker.com/id?1014141
http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.htmlPatchVendor Advisory
http://securitytracker.com/id?1014141

FAQ

What is CVE-2005-1723?

CVE-2005-1723 is a vulnerability with a CVSS score of 7.5 (HIGH). LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to ...

How severe is CVE-2005-1723?

CVE-2005-1723 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-1723?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X Server.