Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3632

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-3632
Last Modified 30 Oct 2012 11:01:44
Published 10 Sep 2008 09:13:09
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3632

Summary

Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.

Vulnerable Systems


References

VUPEN - ADV-2009-1522

BID - 31092

CONFIRM - http://support.apple.com/kb/HT3613

CONFIRM - http://support.apple.com/kb/HT3129

CONFIRM - http://support.apple.com/kb/HT3026

APPLE - APPLE-SA-2009-06-08-1

APPLE - APPLE-SA-2008-09-12

APPLE - APPLE-SA-2008-09-09

VUPEN - ADV-2008-2558

VUPEN - ADV-2008-2525

SECTRACK - 1020847

SECUNIA - 35379

SECUNIA - 32099

SECUNIA - 31900

SECUNIA - 31823

SUSE - SUSE-SR:2008:019

UBUNTU - USN-676-1

SECUNIA - 32860

Related Patches

Apple 2009-06-08 Safari Update 4.0.1 (Leopard)

Apple 2009-06-08 Safari Update 4 (Tiger)


Last Updated: 27 May 2016 10:49:48