Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1035

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1035
Last Modified 07 Mar 2011 10:05:50
Published 03 Jun 2008 04:32:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1035

Summary

Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug. NOTE: CVE-2008-2007 was originally used for this issue, but this is the appropriate identifier.

Vulnerable Systems

Application

  • Apple Ical 3.0.1


References

CERT - TA08-150A

VUPEN - ADV-2008-1697

VUPEN - ADV-2008-1601

SECTRACK - 1020095

BID - 29486

BID - 29412

BID - 28633

BUGTRAQ - 20080528 Re: CORE-2008-0126: Multiple vulnerabilities in iCal

BUGTRAQ - 20080527 Re: CORE-2008-0126: Multiple vulnerabilities in iCal

BUGTRAQ - 20080521 CORE-2008-0126: Multiple vulnerabilities in iCal

MISC - http://www.coresecurity.com/?action=item&id=2219

SECUNIA - 30430

APPLE - APPLE-SA-2008-05-28

Related Patches

Apple 2008-05-28 Mac OS X Server 10.5.3 Combo Update

Apple 2008-05-28 Mac OS X Server 10.5.3 Update

Apple 2008-05-28 Mac OS X 10.5.3 Combo Update (Rev 2)

Apple 2008-05-28 Mac OS X 10.5.3 Update


Last Updated: 27 May 2016 10:47:01