CyberSec.Space Logo
Back to CVE Browser

CVE-2006-4887

HIGH
7.2
CVSS Severity Score
EPSS Score0.1190%
EPSS Percentile34.13th
PublishedSep 19, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.

Affected Platforms (CPE)

πŸ“¦
Apple

Apple Remote Desktop

= 2.0.0
πŸ“¦
Apple

Apple Remote Desktop

= 2.1.0
πŸ“¦
Apple

Apple Remote Desktop

= 3.0.0
πŸ’»
Apple

Mac Os X

<= 10.2.8

References & Advisories

πŸ”— http://www.osvdb.org/32260
πŸ”— http://www.securityfocus.com/archive/1/446371/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/446751/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/447043/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/20092
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/29060
πŸ”— http://www.osvdb.org/32260
πŸ”— http://www.securityfocus.com/archive/1/446371/100/0/threaded

Related Vulnerabilities

CVE-2004-096210.0

Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator a...

CVE-2008-25409.3

Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecogni...

CVE-2013-51357.5

Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows re...

CVE-2017-24887.5

A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Se...