1. CVE-Search
  2. CVE-2008-4211
ID CVE-2008-4211
Summary Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
References
Vulnerable Configurations
  • cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.0.1:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.0.1:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.5:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.5:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.0.0:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.0.0:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.1:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.1:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.2:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.2:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.3:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.3:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.4:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.4:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.0.2:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.0.2:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.0:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.0:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.0.1:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.0.1:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.4:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.4:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.3:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.3:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.1:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.1:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.0.2:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.0.2:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.0.1:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.0.1:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.0:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.0:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.0.0:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.0.0:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.5:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.5:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.2:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.2:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 23-05-2021 - 00:52)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
apple
  • APPLE-SA-2008-10-09
  • APPLE-SA-2008-11-20
bid
  • 31681
  • 31707
confirm
sectrack 1021027
secunia
  • 32222
  • 32756
vupen
  • ADV-2008-2780
  • ADV-2008-3232
xf macosx-quicklook2-code-execution(45784)
Last major update 23-05-2021 - 00:52
Published 10-10-2008 - 10:30
Last modified 23-05-2021 - 00:52
Back to Top