Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2008-1036
Last Modified 11 Oct 2011 12:00:00
Published 02 Jun 2008 05:30:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1036

Summary

The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

Vulnerable Systems

Operating System

  • Apple Mac OS X 10.4.11
  • Apple Mac OS X 10.5
  • Apple Mac OS X 10.5.1
  • Apple Mac OS X 10.5.2
  • Apple Mac OS X Server 10.4.11
  • Apple Mac OS X Server 10.5
  • Apple Mac OS X Server 10.5.1
  • Apple Mac OS X Server 10.5.2
  • Red Hat Enterprise Linux 5


References

CERT - TA08-150A

APPLE - APPLE-SA-2008-05-28

XF - macosx-icu-security-bypass(42717)

VUPEN - ADV-2008-1697

UBUNTU - USN-747-1

BID - 29488

BID - 29412

REDHAT - RHSA-2009:0296

DEBIAN - DSA-1762

MISC - http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0064

SECTRACK - 1020139

SECUNIA - 34777

SECUNIA - 34290

SECUNIA - 30430

Related Patches

Apple 2008-05-28 Security Update 2008-003 (PPC)

Apple 2008-05-28 Security Update 2008-003 Server (PPC)

Apple 2008-05-28 Mac OS X Server 10.5.3 Combo Update

Apple 2008-05-28 Security Update 2008-003 (Intel)

Apple 2008-05-28 Security Update 2008-003 Server (Universal)

Apple 2008-05-28 Mac OS X Server 10.5.3 Update

Apple 2008-05-28 Mac OS X 10.5.3 Combo Update (Rev 2)

Apple 2008-05-28 Mac OS X 10.5.3 Update


Last Updated: 27 May 2016 10:47:01