CVE-2006-0395

Mac OS X 10.4 - Unsafe Attachment Handling in Mail Download Validation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2006-0395. PoCs published by H D Moore, hdm, kf, including Metasploit module exploits/osx/email/mailapp_image_exec.

AI-analyzed exploit summary This exploit targets a command execution vulnerability in Mail.app on Mac OS X 10.5.0 by sending a maliciously crafted email with an AppleDouble attachment. The payload is embedded in the resource fork of the attachment, which is executed when the email is processed.

Description

The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.

Exploits (3)

exploitdb WORKING POC VERIFIED
by H D Moore · rubyremoteosx
https://www.exploit-db.com/exploits/9929

This exploit targets a command execution vulnerability in Mail.app on Mac OS X 10.5.0 by sending a maliciously crafted email with an AppleDouble attachment. The payload is embedded in the resource fork of the attachment, which is executed when the email is processed.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mail.app on Mac OS X 10.5.0
No auth needed
Prerequisites: SMTP access to send emails to the target · Target must open or process the malicious email in Mail.app
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
rubyremotemultiple
https://www.exploit-db.com/exploits/16870

This Metasploit module exploits a command execution vulnerability in Mail.app on Mac OS X 10.5.0 by sending a maliciously crafted email with an AppleDouble-encoded image attachment. The exploit leverages a flaw in how Mail.app processes resource forks in attachments to execute arbitrary commands.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mail.app on Mac OS X 10.5.0
No auth needed
Prerequisites: SMTP access to send emails to the target · Target must open the malicious email in Mail.app
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC MANUAL
by hdm, kf · rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/email/mailapp_image_exec.rb

This Metasploit module exploits a command execution vulnerability in Mail.app on Mac OS X 10.5.0 by sending a maliciously crafted email with an AppleDouble-encoded attachment. The exploit leverages a flaw in handling image attachments to execute arbitrary commands or payloads.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mail.app on Mac OS X 10.5.0
No auth needed
Prerequisites: SMTP access to send emails to the target · Target must open the malicious email in Mail.app
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25027
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/23645
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19064
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16907
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0791
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/client-management/2006/Mar/msg00030.html
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-062A.html
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=303382

Scores

EPSS 0.6401
EPSS Percentile 98.5%

Details

Status published
Products (2)
apple/mac_os_x 10.4.5
apple/mac_os_x_server 10.4.5
Published Aug 05, 2006
Tracked Since Feb 18, 2026