Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2008-2006

Published: 22/05/2008 Updated: 11/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 440
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Apple

Vulnerability Summary

Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line.

Vulnerable Product Search on Vulmon Subscribe to Product

apple ical 3.0.1

Exploits

Exploit DB: Core Security Technologies Advisory 2008.0126
Core Security Technologies Advisory - Three vulnerabilities discovered in the iCal application may allow un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) the assistance from the end user of the application and may cause a denial of service condition iCal version 301 on MacOS X 1051 (Leop ...
Exploit DB: Apple iCal 3.0.1 - 'TRIGGER' Denial of Service
source: wwwsecurityfocuscom/bid/28632/info Apple iCal is prone to a denial-of-service vulnerability because it fails to handle specially crafted files An attacker can exploit this issue to crash the affected application, denying service to legitimate users This issue affects iCal 301 running on Mac OS X 1051; previous versions may ...
Exploit DB: Apple iCal 3.0.1 - 'COUNT' Integer Overflow
source: wwwsecurityfocuscom/bid/28629/info Apple iCal is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun An attacker can exploit this issue to execute arbitrary code within the context of the affected application Failed exploit attempts will result in a denial-of-service conditio ...

References

CWE-20http://www.coresecurity.com/?action=item&id=2219http://www.securityfocus.com/bid/28632http://www.securityfocus.com/bid/28629http://securityreason.com/securityalert/3901http://www.securitytracker.com/id?1020094http://www.vupen.com/english/advisories/2008/1601https://exchange.xforce.ibmcloud.com/vulnerabilities/42569http://www.securityfocus.com/archive/1/492682/100/0/threadedhttp://www.securityfocus.com/archive/1/492638/100/100/threadedhttp://www.securityfocus.com/archive/1/492414/100/0/threadedhttps://nvd.nist.govhttps://packetstormsecurity.com/files/66599/Core-Security-Technologies-Advisory-2008.0126.htmlhttps://www.exploit-db.com/exploits/31619/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook