----------------------------------------------------------------------

2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published

How do you know which Secunia advisories are important to you?

The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.

Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv

----------------------------------------------------------------------

TITLE:
Apple Mail Command Execution Vulnerability

SECUNIA ADVISORY ID:
SA27785

VERIFY ADVISORY:
http://secunia.com/advisories/27785/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
A vulnerability has been reported in Apple Mail, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the handling of unsafe
file types in email attachments. This can be exploited via a specially
crafted email containing an attachment of an ostensibly safe file type
(e.g. ".jpg") to execute arbitrary shell commands when the attachment
is double-clicked.

This is related to vulnerability #8 in:
SA19064

The vulnerability is reported in Apple Mail included in Apple Mac OS
X 10.5 (Leopard).

SOLUTION:
Do not open attachments from untrusted sources.

PROVIDED AND/OR DISCOVERED BY:
Originally discovered in Mac OS X 10.4 and reported in Apple Mac OS X
10.5 by heise Security.

ORIGINAL ADVISORY:
http://www.heise-security.co.uk/news/99257

OTHER REFERENCES:
SA19064:
http://secunia.com/advisories/19064/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------