Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4231

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-4231
Last Modified 07 Mar 2011 10:12:09
Published 25 Nov 2008 06:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4231

Summary

Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Vulnerable Systems

Operating System

  • Apple Iphone Os 1.0

  • Apple Iphone Os 1.0.1

  • Apple Iphone Os 1.0.2

  • Apple Iphone Os 1.1

  • Apple Iphone Os 1.1.1

  • Apple Iphone Os 1.1.2

  • Apple Iphone Os 1.1.3

  • Apple Iphone Os 1.1.4

  • Apple Iphone Os 1.1.5

  • Apple Iphone Os 2.0

  • Apple Iphone Os 2.0.1

  • Apple Iphone Os 2.0.2

  • Apple Iphone Os 2.1

Application

  • Apple Safari


References

VUPEN - ADV-2009-1522

VUPEN - ADV-2008-3232

SECTRACK - 1021272

BID - 32394

BUGTRAQ - 20090610 FortiGuard Advisory: Apple Safari Remote Memory Corruption Vulnerability

MISC - http://www.fortiguardcenter.com/advisory/FGA-2009-23.html

CONFIRM - http://support.apple.com/kb/HT3613

CONFIRM - http://support.apple.com/kb/HT3318

SECUNIA - 35379

SECUNIA - 32756

OSVDB - 50028

APPLE - APPLE-SA-2009-06-08-1

APPLE - APPLE-SA-2008-11-20

Related Patches

Apple 2009-06-08 Safari Update 4.0.1 (Leopard)

Apple 2009-06-08 Safari Update 4 (Tiger)


Last Updated: 27 May 2016 10:48:26