Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2008-1035

Published: 03/06/2008 Updated: 11/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Apple

Vulnerability Summary

Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug. NOTE: CVE-2008-2007 was originally used for this issue, but this is the appropriate identifier.

Vulnerable Product Search on Vulmon Subscribe to Product

apple ical 3.0.1

Exploits

Exploit DB: Apple iCal 3.0.1 - 'ATTACH' Denial of Service
source: wwwsecurityfocuscom/bid/28633/info Apple iCal is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied input data Successful exploits will crash the application Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed iCal 30 ...
Exploit DB: Core Security Technologies Advisory 2008.0126
Core Security Technologies Advisory - Three vulnerabilities discovered in the iCal application may allow un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) the assistance from the end user of the application and may cause a denial of service condition iCal version 301 on MacOS X 1051 (Leop ...

References

CWE-94http://www.coresecurity.com/?action=item&id=2219http://www.securityfocus.com/bid/28633http://lists.apple.com/archives/security-announce/2008//May/msg00001.htmlhttp://www.us-cert.gov/cas/techalerts/TA08-150A.htmlhttp://www.securityfocus.com/bid/29412http://www.securityfocus.com/bid/29486http://secunia.com/advisories/30430http://www.securitytracker.com/id?1020095http://www.vupen.com/english/advisories/2008/1697http://www.vupen.com/english/advisories/2008/1601http://www.securityfocus.com/archive/1/492682/100/0/threadedhttp://www.securityfocus.com/archive/1/492638/100/100/threadedhttp://www.securityfocus.com/archive/1/492414/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/31620/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook