Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2008-3623
Last Modified: 30 Oct 2012 11:01:42
Published: 17 Nov 2008 01:18:47
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-3623

Summary

Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces.

Vulnerable Systems

Application

  • Apple Safari

  • Apple Safari 0.8

  • Apple Safari 0.9

  • Apple Safari 1.0

  • Apple Safari 1.0.3

  • Apple Safari 1.1

  • Apple Safari 1.1.1

  • Apple Safari 1.2

  • Apple Safari 1.2.1

  • Apple Safari 1.2.2

  • Apple Safari 1.2.3

  • Apple Safari 1.2.4

  • Apple Safari 1.2.5

  • Apple Safari 1.3

  • Apple Safari 1.3.1

  • Apple Safari 1.3.2

  • Apple Safari 2

  • Apple Safari 2.0

  • Apple Safari 2.0 Pre

  • Apple Safari 2.0.1

  • Apple Safari 2.0.2

  • Apple Safari 2.0.3

  • Apple Safari 2.0.3 417.9.3

  • Apple Safari 2.0.4

  • Apple Safari 2.0.4 419.3

  • Apple Safari 3

  • Apple Safari 3.0

  • Apple Safari 3.0.1

  • Apple Safari 3.0.2

  • Apple Safari 3.0.3

  • Apple Safari 3.0.4

  • Apple Safari 3.0.4 Beta

  • Apple Safari 3.1

  • Apple Safari 3.1.1

  • Apple Safari 3.1.2


References

CERT - TA08-350A

VUPEN - ADV-2009-1621

VUPEN - ADV-2008-3444

BID - 32291

CONFIRM - http://support.apple.com/kb/HT3639

CONFIRM - http://support.apple.com/kb/HT3338

CONFIRM - http://support.apple.com/kb/HT3298

SECUNIA - 33179

APPLE - APPLE-SA-2009-06-17-1

APPLE - APPLE-SA-2008-11-13

APPLE - APPLE-SA-2008-12-15

SECTRACK - 1021225

SECUNIA - 32706

Related Patches

Apple 2008-12-15 Security Update 2008-008 (Client PPC)

Apple 2008-12-15 Security Update 2008-008 Server (PPC)

Apple 2008-12-15 Security Update 2008-008 Server (Intel)

Apple 2008-12-15 Mac OS X Server 10.5.6 Combo Update

Apple 2008-12-15 Mac OS X 10.5.6 Combo Update

Apple 2008-12-15 Mac OS X 10.5.6 Update

Apple 2008-12-15 Security Update 2008-008 (Client Intel)

Apple 2008-12-15 Mac OS X Server 10.5.6 Update


Last Updated: 27 May 2016 11:01:20