The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.
2011-03-23T02:00:04.173
2025-04-11T00:51:21.963
Deferred
CVSSv2: 2.1 (LOW)
AV:L/AC:L/Au:N/C:P/I:N/A:N
3.9
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | apple | carboncore | * | No |
| Operating System | apple | mac_os_x | ≤ 10.6.6 | Yes |
| Operating System | apple | mac_os_x | 10.6.0 | Yes |
| Operating System | apple | mac_os_x | 10.6.1 | Yes |
| Operating System | apple | mac_os_x | 10.6.2 | Yes |
| Operating System | apple | mac_os_x | 10.6.3 | Yes |
| Operating System | apple | mac_os_x | 10.6.4 | Yes |
| Operating System | apple | mac_os_x | 10.6.5 | Yes |
| Application | apple | carboncore | * | Yes |
| Operating System | apple | mac_os_x_server | ≤ 10.6.6 | Yes |
| Operating System | apple | mac_os_x_server | 10.6.0 | Yes |
| Operating System | apple | mac_os_x_server | 10.6.1 | Yes |
| Operating System | apple | mac_os_x_server | 10.6.2 | Yes |
| Operating System | apple | mac_os_x_server | 10.6.3 | Yes |
| Operating System | apple | mac_os_x_server | 10.6.4 | Yes |
| Operating System | apple | mac_os_x_server | 10.6.5 | Yes |