Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4211

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-4211
Last Modified 11 Oct 2011 12:00:00
Published 10 Oct 2008 06:30:05
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4211

Summary

Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."

Vulnerable Systems

Operating System

  • Apple Iphone Os 1.0.0

  • Apple Iphone Os 1.0.1

  • Apple Iphone Os 1.0.2

  • Apple Iphone Os 1.1.0

  • Apple Iphone Os 1.1.1

  • Apple Iphone Os 1.1.2

  • Apple Iphone Os 1.1.3

  • Apple Iphone Os 1.1.4

  • Apple Iphone Os 1.1.5

  • Apple Iphone Os 2.0.0

  • Apple Iphone Os 2.0.1

  • Apple Iphone Os 2.0.2

  • Apple Iphone Os 2.1

  • Apple Mac Os X 10.5.5

  • Apple Mac Os X Server 10.5.5


References

BID - 31681

XF - macosx-quicklook2-code-execution(45784)

VUPEN - ADV-2008-3232

VUPEN - ADV-2008-2780

SECTRACK - 1021027

BID - 31707

CONFIRM - http://support.apple.com/kb/HT3318

CONFIRM - http://support.apple.com/kb/HT3216

SECUNIA - 32756

SECUNIA - 32222

APPLE - APPLE-SA-2008-10-09

APPLE - APPLE-SA-2008-11-20

Related Patches

Apple 2008-10-09 Security Update 2008-007 Server (Leopard)

Apple 2008-10-09 Security Update 2008-007 Client (Leopard)


Last Updated: 27 May 2016 10:48:25