ID CVE-2008-0035
Summary Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.
References
Vulnerable Configurations
  • cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*
    cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:1.02:*:*:*:*:*:*:*
    cpe:2.3:h:apple:iphone:1.02:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
    cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 09-08-2022 - 13:46)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
apple
  • APPLE-SA-2008-01-15
  • APPLE-SA-2008-02-11
bid 27296
cert TA08-043B
confirm
sectrack 1019220
secunia
  • 28497
  • 28891
vupen
  • ADV-2008-0147
  • ADV-2008-0495
xf iphone-ipod-foundation-code-execution(39700)
Last major update 09-08-2022 - 13:46
Published 16-01-2008 - 02:00
Last modified 09-08-2022 - 13:46
Back to Top