DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name.
2010-03-30T18:30:01.420
2025-04-11T00:51:21.963
Deferred
CVSSv2: 2.6 (LOW)
AV:N/AC:H/Au:N/C:P/I:N/A:N
4.9
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | apple | mac_os_x | 10.6.0 | Yes |
Operating System | apple | mac_os_x | 10.6.1 | Yes |
Operating System | apple | mac_os_x | 10.6.2 | Yes |
Operating System | apple | mac_os_x_server | 10.6.0 | Yes |
Operating System | apple | mac_os_x_server | 10.6.1 | Yes |
Operating System | apple | mac_os_x_server | 10.6.2 | Yes |