ID CVE-2008-3632
Summary Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.
References
Vulnerable Configurations
  • cpe:2.3:h:apple:iphone:1.1:*:*:*:*:*:*:*
    cpe:2.3:h:apple:iphone:1.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:h:apple:iphone:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:h:apple:iphone:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:h:apple:iphone:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:h:apple:iphone:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:2.0:*:*:*:*:*:*:*
    cpe:2.3:h:apple:iphone:2.0:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:apple:iphone:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:h:apple:iphone:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 31-10-2012 - 03:01)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
apple
  • APPLE-SA-2008-09-09
  • APPLE-SA-2008-09-12
  • APPLE-SA-2009-06-08-1
bid 31092
confirm
sectrack 1020847
secunia
  • 31823
  • 31900
  • 32099
  • 32860
  • 35379
suse SUSE-SR:2008:019
ubuntu USN-676-1
vupen
  • ADV-2008-2525
  • ADV-2008-2558
  • ADV-2009-1522
vulnerable_product via4
  • cpe:2.3:h:apple:iphone:1.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:2.0:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:*
Last major update 31-10-2012 - 03:01
Published 11-09-2008 - 01:13
Back to Top