CVE-2008-1109

Published: 04/06/2008 Updated: 29/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote malicious users to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).

Vulnerable Product

gnome evolution 2.22.1

Vendor Advisories

Alin Rad Pop of Secunia Research discovered that Evolution did not properly validate timezone data when processing iCalendar attachments. If a user disabled the ITip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service or possibly execute code with user privileges. Note that the ITip Formatter plug ...
Debian Bug report logs - #484639: Two buffer overflows in evolution. Package: evolution; Maintainer for evolution is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Source for evolution is src:evolution (PTS, buildd, popcon). Reported by: Steffen Joeris <steffenjoeris@skolelinux.de>. Date: Thu, ...