Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1026

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-1026
Last Modified 07 Mar 2011 10:05:49
Published 17 Apr 2008 03:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1026

Summary

Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • Apple Safari 3

  • Apple Safari 3.1


References

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-022

CONFIRM - http://support.apple.com/kb/HT1467

VUPEN - ADV-2008-2094

VUPEN - ADV-2008-1250

SECTRACK - 1019870

BID - 28815

BUGTRAQ - 20080416 ZDI-08-022: Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability

SREASON - 3815

SECUNIA - 31074

APPLE - APPLE-SA-2008-07-11

XF - apple-safari-webkit-pcrecompile-bo(41859)

SECUNIA - 29846

APPLE - APPLE-SA-2008-04-16

Related Patches

Apple 2008-04-16 Safari Update 3.1.1 (Tiger PPC)

Apple 2008-04-16 Safari Update 3.1.1 (Tiger Intel)

Apple 2008-04-16 Safari Update 3.1.1 (Leopard)


Last Updated: 27 May 2016 10:47:00