返回 CVE 瀏覽器

CVE-2006-4887

HIGH

7.2

CVSS Severity Score

EPSS Score0.1190%

EPSS Percentile34.13th

Published2006年9月19日

Last Modified2026年4月16日

Vulnerability Description

Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.

Affected Platforms (CPE)

📦

Apple

Apple Remote Desktop

= 2.0.0

📦

Apple

Apple Remote Desktop

= 2.1.0

📦

Apple

Apple Remote Desktop

= 3.0.0

💻

Apple

Mac Os X

<= 10.2.8

References & Advisories

🔗 http://www.osvdb.org/32260

🔗 http://www.securityfocus.com/archive/1/446371/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/446751/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/447043/100/0/threaded

🔗 http://www.securityfocus.com/bid/20092

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/29060

🔗 http://www.osvdb.org/32260

🔗 http://www.securityfocus.com/archive/1/446371/100/0/threaded

相關漏洞威脅

CVE-2004-096210.0

Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator a...

CVE-2008-25409.3

Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecogni...

CVE-2013-51357.5

Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows re...

CVE-2017-24887.5

A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Se...