cvelistv5 - cve-2008-1573

CVE-2008-1573 (GCVE-0-2008-1573)

Vulnerability from cvelistv5

Published

2008-06-02 14:00

Modified

2024-08-07 08:24

Severity ?

CWE

Summary

References

URL

Tags

cve@mitre.org	http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
cve@mitre.org	http://secunia.com/advisories/30430	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30775	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1020144	Patch
cve@mitre.org	http://www.securityfocus.com/bid/29412
cve@mitre.org	http://www.securityfocus.com/bid/29513
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA08-150A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1697	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1882/references	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/42721
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30430	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30775	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1020144	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29412
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29513
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-150A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1697	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1882/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/42721

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:42.790Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30775"
          },
          {
            "name": "ADV-2008-1882",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1882/references"
          },
          {
            "name": "TA08-150A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
          },
          {
            "name": "30430",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30430"
          },
          {
            "name": "APPLE-SA-2008-05-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
          },
          {
            "name": "1020144",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020144"
          },
          {
            "name": "macosx-imageio-information-disclosure(42721)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42721"
          },
          {
            "name": "APPLE-SA-2008-06-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html"
          },
          {
            "name": "ADV-2008-1697",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1697"
          },
          {
            "name": "29513",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29513"
          },
          {
            "name": "29412",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29412"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "30775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30775"
        },
        {
          "name": "ADV-2008-1882",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1882/references"
        },
        {
          "name": "TA08-150A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
        },
        {
          "name": "30430",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30430"
        },
        {
          "name": "APPLE-SA-2008-05-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
        },
        {
          "name": "1020144",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020144"
        },
        {
          "name": "macosx-imageio-information-disclosure(42721)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42721"
        },
        {
          "name": "APPLE-SA-2008-06-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html"
        },
        {
          "name": "ADV-2008-1697",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1697"
        },
        {
          "name": "29513",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29513"
        },
        {
          "name": "29412",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29412"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1573",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30775",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30775"
            },
            {
              "name": "ADV-2008-1882",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1882/references"
            },
            {
              "name": "TA08-150A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
            },
            {
              "name": "30430",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30430"
            },
            {
              "name": "APPLE-SA-2008-05-28",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
            },
            {
              "name": "1020144",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020144"
            },
            {
              "name": "macosx-imageio-information-disclosure(42721)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42721"
            },
            {
              "name": "APPLE-SA-2008-06-19",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html"
            },
            {
              "name": "ADV-2008-1697",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1697"
            },
            {
              "name": "29513",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29513"
            },
            {
              "name": "29412",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29412"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1573",
    "datePublished": "2008-06-02T14:00:00",
    "dateReserved": "2008-03-31T00:00:00",
    "dateUpdated": "2024-08-07T08:24:42.790Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-1573\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-06-02T21:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.\"},{\"lang\":\"es\",\"value\":\"El motor de decodificaci\u00f3n de im\u00e1genes BMP y GIF en ImageIO en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos obtener informaci\u00f3n confidencial (contenido de memoria) por medio de una imagen (1) BMP o (2) GIF dise\u00f1ada, lo que causa una lectura fuera de l\u00edmites.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:N/A:N\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.5.2\",\"matchCriteriaId\":\"09FE157F-2B5A-4CA9-A2BA-C8535809B2D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EE39585-CF3B-4493-96D8-B394544C7643\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2442D35-7484-43D8-9077-3FDF63104816\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F3E721C-00CA-4D51-B542-F2BC5C0D65BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.5.2\",\"matchCriteriaId\":\"BDD3CE38-A4CF-44A1-A18F-A3741A0EA1CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D09D5933-A7D9-4A61-B863-CD8E7D5E67D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20E8648C-5469-4280-A581-D4A9A41B7213\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E8D614-E1EE-42F1-9E55-EA54FB500621\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008//May/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30430\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30775\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1020144\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/29412\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/29513\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-150A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1697\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1882/references\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42721\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008//May/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30430\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30775\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1020144\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/29412\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/29513\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-150A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1697\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1882/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42721\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2008-1573

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2008-1573

Aliases

CVE-2008-1573

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-1573",
    "description": "The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.",
    "id": "GSD-2008-1573"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-1573"
      ],
      "details": "The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.",
      "id": "GSD-2008-1573",
      "modified": "2023-12-13T01:23:03.397282Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-1573",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "30775",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30775"
          },
          {
            "name": "ADV-2008-1882",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1882/references"
          },
          {
            "name": "TA08-150A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
          },
          {
            "name": "30430",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30430"
          },
          {
            "name": "APPLE-SA-2008-05-28",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
          },
          {
            "name": "1020144",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1020144"
          },
          {
            "name": "macosx-imageio-information-disclosure(42721)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42721"
          },
          {
            "name": "APPLE-SA-2008-06-19",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html"
          },
          {
            "name": "ADV-2008-1697",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1697"
          },
          {
            "name": "29513",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/29513"
          },
          {
            "name": "29412",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/29412"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1573"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2008-05-28",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
            },
            {
              "name": "TA08-150A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
            },
            {
              "name": "29412",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/29412"
            },
            {
              "name": "1020144",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1020144"
            },
            {
              "name": "30430",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30430"
            },
            {
              "name": "29513",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/29513"
            },
            {
              "name": "30775",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30775"
            },
            {
              "name": "APPLE-SA-2008-06-19",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html"
            },
            {
              "name": "ADV-2008-1882",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1882/references"
            },
            {
              "name": "ADV-2008-1697",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1697"
            },
            {
              "name": "macosx-imageio-information-disclosure(42721)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42721"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-08T01:30Z",
      "publishedDate": "2008-06-02T21:30Z"
    }
  }
}

ghsa-j8r3-8vrj-j6x6

Vulnerability from github

Published

2022-05-01 23:41

Modified

2022-05-01 23:41

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-1573"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-06-02T21:30:00Z",
    "severity": "HIGH"
  },
  "details": "The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.",
  "id": "GHSA-j8r3-8vrj-j6x6",
  "modified": "2022-05-01T23:41:25Z",
  "published": "2022-05-01T23:41:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1573"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42721"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30430"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30775"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1020144"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29412"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29513"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1697"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1882/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2008-AVI-331

Vulnerability from certfr_avis

Des vulnérabilités ont été découvertes dans la navigateur Safari. Ces vulnérabilités permettent un contournement de la politique de sécurité et l'exécution de code arbitraire à distance sous Windows.

Description

Une vulnérabilité a été découverte dans la navigateur Safari d'Apple. Cette vulnérabilité permet via un site spécialement construit de forcer le téléchargement d'un fichier quelconque sur l'ordinateur de la victime. Ce fichier est téléchargé directement dans le répertoire de téléchargement défini dans les propriétés du navigateur (le Bureau par défaut).

Comme indiqué dans le bulletin d'actualité CERTA-2008-ACT-023, cette vulnérabilité peut également permettre l'exécution de code arbitraire sous Microsoft Windows. En effet, une « fonctionnalité » de Internet Explorer est de charger sous certaines conditions des bibliothèques de fonctions (DLL) depuis le bureau. Le téléchargement d'un tel fichier sous Safari suivi de l'exécution de Internet Explorer permet ainsi à une personne malveillante d'exécuter du code arbitraire à distance.

De plus, une autre vulnérabilité a été découverte dans la manière de traiter les fichiers BMP et GIF par Safari sous Microsoft Windows. Cette vulnérabilité peut être utilisée afin de lire certaines zones de la mémoire.

Une dernière vulnérabilité sur Windows et MacOS concerne un problème de corruption de mémoire dans le traitement de tableaux en Javascript par Webkit. Une personne malintentionnée pourrait exploiter cette faille pour exécuter du code arbitraire à distance.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	Safari	Safari version 3.1.1. pour MacOS et versions antérieures.
	Apple	Safari	Safari version 3.1.1 pour Windows et versions antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT2092 du 19 juin 2008	None	vendor-advisory
Document du CERTA CERTA-2008-ALE-008 du 20 juin 2008 :	-	other
Bulletin de sécurité Apple HT2165 du 30 juin 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari version 3.1.1. pour MacOS et versions ant\u00e9rieures.",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari version 3.1.1 pour Windows et versions ant\u00e9rieures ;",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans la navigateur Safari d\u0027Apple.\nCette vuln\u00e9rabilit\u00e9 permet via un site sp\u00e9cialement construit de forcer\nle t\u00e9l\u00e9chargement d\u0027un fichier quelconque sur l\u0027ordinateur de la\nvictime. Ce fichier est t\u00e9l\u00e9charg\u00e9 directement dans le r\u00e9pertoire de\nt\u00e9l\u00e9chargement d\u00e9fini dans les propri\u00e9t\u00e9s du navigateur (le Bureau par\nd\u00e9faut).\n\nComme indiqu\u00e9 dans le bulletin d\u0027actualit\u00e9 CERTA-2008-ACT-023, cette\nvuln\u00e9rabilit\u00e9 peut \u00e9galement permettre l\u0027ex\u00e9cution de code arbitraire\nsous Microsoft Windows. En effet, une \u00ab fonctionnalit\u00e9 \u00bb de Internet\nExplorer est de charger sous certaines conditions des biblioth\u00e8ques de\nfonctions (DLL) depuis le bureau. Le t\u00e9l\u00e9chargement d\u0027un tel fichier\nsous Safari suivi de l\u0027ex\u00e9cution de Internet Explorer permet ainsi \u00e0 une\npersonne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\nDe plus, une autre vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans la mani\u00e8re de\ntraiter les fichiers BMP et GIF par Safari sous Microsoft Windows. Cette\nvuln\u00e9rabilit\u00e9 peut \u00eatre utilis\u00e9e afin de lire certaines zones de la\nm\u00e9moire.\n\nUne derni\u00e8re vuln\u00e9rabilit\u00e9 sur Windows et MacOS concerne un probl\u00e8me de\ncorruption de m\u00e9moire dans le traitement de tableaux en Javascript par\nWebkit. Une personne malintentionn\u00e9e pourrait exploiter cette faille\npour ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1573"
    },
    {
      "name": "CVE-2008-2306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2306"
    },
    {
      "name": "CVE-2008-2307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2307"
    }
  ],
  "initial_release_date": "2008-06-20T00:00:00",
  "last_revision_date": "2008-07-04T00:00:00",
  "links": [
    {
      "title": "Document du CERTA CERTA-2008-ALE-008 du 20 juin 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-008/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT2165 du 30 juin 2008 :",
      "url": "http://support.apple.com/kb/HT2165"
    }
  ],
  "reference": "CERTA-2008-AVI-331",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-06-20T00:00:00.000000"
    },
    {
      "description": "ajout d\u0027une r\u00e9f\u00e9rence au bulletin d\u0027Apple sur MacOS et mise \u00e0 jour de la description.",
      "revision_date": "2008-07-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans la navigateur Safari. Ces\nvuln\u00e9rabilit\u00e9s permettent un contournement de la politique de s\u00e9curit\u00e9\net l\u0027ex\u00e9cution de code arbitraire \u00e0 distance sous Windows.\n",
  "title": "Vuln\u00e9rabilit\u00e9 du navigateur Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT2092 du 19 juin 2008",
      "url": "http://support.apple.com/kb/HT2092"
    }
  ]
}

CERTA-2008-AVI-278

Vulnerability from certfr_avis

Plusieurs vulnérabilités concernant le système d'exploitation Apple Mac OS X ont été identifiées. L'exploitation de ces dernières peut avoir plusieurs conséquences, dont des exécutions de codes arbitraires à distance.

Description

Plusieurs vulnérabilités concernant le système d'exploitation Apple Mac OS X ont été identifiées :

le serveur AFP (Apple Filing Protocol) ne vérifie pas correctement la cohérence d'accès entre répertoires et fichiers.
le serveur Apache est mis à jour en 2.0.63 pour les versions Mac OS X Server v10.4.x ; nouvelle version qui corrige des vulnérabilités permettant des attaques par injection de code indirecte ;
l'impression d'un document PDF spécialement construit par ATS peut provoquer l'exécution de code arbitraire ;
l'impression de documents via CUPS à destination d'une imprimante peut permettre sous certaines conditions de récupérer des informations sensibles, y compris si une protection par mot de passe est déployée ;
des vulnérabilités dans le module Flash Player sont corrigées (cf. CERTA-2008-AVI-197) ;
les vulnérabilités détaillées dans l'alerte CERTA-2008-ALE-007 concernant iCal sont corrigées ;
etc.

Solution

Se référer au bulletin de sécurité Apple pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple Mac 0S X versions v10.4.x.
	Apple	N/A	Apple Mac OS X version v10.5.x ;

References

Title

Publication Time

Tags

Mises à jour de sécurité Apple 2008-003 du 28 mai 2008	None	vendor-advisory
Alerte CERTA-2008-ALE-007, « Multiples vulnérabilités dans Apple Ical », du 23 mai 2008 :	-	other
Détails de la mise à jour de sécurité 2008-003 / Mac OS X 10.5.3 :	-	other
Bulletin de sécurité Apple 106704 du 28 mai 2008 :	-	other
Tableau récapitulatif des mises à jour de sécurité pour Mac OS X :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Mac 0S X versions v10.4.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X version v10.5.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s concernant le syst\u00e8me d\u0027exploitation Apple Mac\nOS X ont \u00e9t\u00e9 identifi\u00e9es :\n\n-   le serveur AFP (Apple Filing Protocol) ne v\u00e9rifie pas correctement\n    la coh\u00e9rence d\u0027acc\u00e8s entre r\u00e9pertoires et fichiers.\n-   le serveur Apache est mis \u00e0 jour en 2.0.63 pour les versions Mac OS\n    X Server v10.4.x ; nouvelle version qui corrige des vuln\u00e9rabilit\u00e9s\n    permettant des attaques par injection de code indirecte ;\n-   l\u0027impression d\u0027un document PDF sp\u00e9cialement construit par ATS peut\n    provoquer l\u0027ex\u00e9cution de code arbitraire ;\n-   l\u0027impression de documents via CUPS \u00e0 destination d\u0027une imprimante\n    peut permettre sous certaines conditions de r\u00e9cup\u00e9rer des\n    informations sensibles, y compris si une protection par mot de passe\n    est d\u00e9ploy\u00e9e ;\n-   des vuln\u00e9rabilit\u00e9s dans le module Flash Player sont corrig\u00e9es (cf.\n    CERTA-2008-AVI-197) ;\n-   les vuln\u00e9rabilit\u00e9s d\u00e9taill\u00e9es dans l\u0027alerte CERTA-2008-ALE-007\n    concernant iCal sont corrig\u00e9es ;\n-   etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Apple pour l\u0027obtention des correctifs\n(cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1574"
    },
    {
      "name": "CVE-2008-1032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1032"
    },
    {
      "name": "CVE-2007-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
    },
    {
      "name": "CVE-2008-1572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1572"
    },
    {
      "name": "CVE-2008-1655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1655"
    },
    {
      "name": "CVE-2006-3747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3747"
    },
    {
      "name": "CVE-2007-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
    },
    {
      "name": "CVE-2008-1575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1575"
    },
    {
      "name": "CVE-2008-1031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1031"
    },
    {
      "name": "CVE-2008-1571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1571"
    },
    {
      "name": "CVE-2008-1027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1027"
    },
    {
      "name": "CVE-2008-1577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1577"
    },
    {
      "name": "CVE-2008-1576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1576"
    },
    {
      "name": "CVE-2008-1035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1035"
    },
    {
      "name": "CVE-2007-6612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6612"
    },
    {
      "name": "CVE-2005-3357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3357"
    },
    {
      "name": "CVE-2008-1573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1573"
    },
    {
      "name": "CVE-2008-1036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1036"
    },
    {
      "name": "CVE-2008-1028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1028"
    },
    {
      "name": "CVE-2007-5267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5267"
    },
    {
      "name": "CVE-2007-5268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5268"
    },
    {
      "name": "CVE-2008-1033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1033"
    },
    {
      "name": "CVE-2007-6019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6019"
    },
    {
      "name": "CVE-2007-5275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5275"
    },
    {
      "name": "CVE-2008-1030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1030"
    },
    {
      "name": "CVE-2008-1578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1578"
    },
    {
      "name": "CVE-2008-1034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1034"
    },
    {
      "name": "CVE-2007-5269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5269"
    },
    {
      "name": "CVE-2008-0177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0177"
    },
    {
      "name": "CVE-2007-6243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6243"
    },
    {
      "name": "CVE-2008-1579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1579"
    },
    {
      "name": "CVE-2008-1580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1580"
    },
    {
      "name": "CVE-2007-6359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6359"
    },
    {
      "name": "CVE-2008-1654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1654"
    },
    {
      "name": "CVE-2005-3352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3352"
    },
    {
      "name": "CVE-2007-0071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0071"
    },
    {
      "name": "CVE-2007-4465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
    },
    {
      "name": "CVE-2007-6388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
    },
    {
      "name": "CVE-2007-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1863"
    }
  ],
  "initial_release_date": "2008-05-29T00:00:00",
  "last_revision_date": "2008-05-29T00:00:00",
  "links": [
    {
      "title": "Alerte CERTA-2008-ALE-007, \u00ab Multiples vuln\u00e9rabilit\u00e9s dans    Apple Ical \u00bb, du 23 mai 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-007/"
    },
    {
      "title": "D\u00e9tails de la mise \u00e0 jour de s\u00e9curit\u00e9 2008-003 / Mac OS X    10.5.3 :",
      "url": "http://support.apple.com/kb/HT1897"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 106704 du 28 mai 2008 :",
      "url": "http://docs.info.apple.com/article.html?artnum=106704"
    },
    {
      "title": "Tableau r\u00e9capitulatif des mises \u00e0 jour de s\u00e9curit\u00e9 pour Mac    OS X :",
      "url": "http://support.apple.com/kb/HT1222?viewlocale=fr_FR"
    }
  ],
  "reference": "CERTA-2008-AVI-278",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-05-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s concernant le syst\u00e8me d\u0027exploitation Apple Mac\nOS X ont \u00e9t\u00e9 identifi\u00e9es. L\u0027exploitation de ces derni\u00e8res peut avoir\nplusieurs cons\u00e9quences, dont des ex\u00e9cutions de codes arbitraires \u00e0\ndistance.\n",
  "title": "Mutliples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mises \u00e0 jour de s\u00e9curit\u00e9 Apple 2008-003 du 28 mai 2008",
      "url": null
    }
  ]
}

fkie_cve-2008-1573

Vulnerability from fkie_nvd

Published

2008-06-02 21:30

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
cve@mitre.org	http://secunia.com/advisories/30430	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30775	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1020144	Patch
cve@mitre.org	http://www.securityfocus.com/bid/29412
cve@mitre.org	http://www.securityfocus.com/bid/29513
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA08-150A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1697	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1882/references	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/42721
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30430	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30775	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1020144	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29412
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29513
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-150A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1697	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1882/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/42721

Impacted products

Vendor	Product	Version
apple	mac_os_x	*
apple	mac_os_x	10.4.11
apple	mac_os_x	10.5
apple	mac_os_x	10.5.1
apple	mac_os_x_server	*
apple	mac_os_x_server	10.4.11
apple	mac_os_x_server	10.5
apple	mac_os_x_server	10.5.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FE157F-2B5A-4CA9-A2BA-C8535809B2D7",
              "versionEndIncluding": "10.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EE39585-CF3B-4493-96D8-B394544C7643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2442D35-7484-43D8-9077-3FDF63104816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F3E721C-00CA-4D51-B542-F2BC5C0D65BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDD3CE38-A4CF-44A1-A18F-A3741A0EA1CC",
              "versionEndIncluding": "10.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D09D5933-A7D9-4A61-B863-CD8E7D5E67D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E8648C-5469-4280-A581-D4A9A41B7213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E8D614-E1EE-42F1-9E55-EA54FB500621",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read."
    },
    {
      "lang": "es",
      "value": "El motor de decodificaci\u00f3n de im\u00e1genes BMP y GIF en ImageIO en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos obtener informaci\u00f3n confidencial (contenido de memoria) por medio de una imagen (1) BMP o (2) GIF dise\u00f1ada, lo que causa una lectura fuera de l\u00edmites."
    }
  ],
  "id": "CVE-2008-1573",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-06-02T21:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30430"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30775"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1020144"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/29412"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/29513"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1697"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1882/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1020144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29513"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1882/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42721"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-200805-0573

Vulnerability from variot

The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read. Apple Safari automatically executes downloaded files based on Internet Explorer zone settings, which can allow a remote attacker to execute arbitrary code on a vulnerable system. The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. Apple Mac OS X is prone to an information-disclosure vulnerability that occurs in ImageIO. An attacker can exploit this issue to obtain sensitive information that may lead to further attacks. This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2. NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

I. Further details are available in the US-CERT Vulnerability Notes Database.

II.

III. These and other updates are available via Software Update or via Apple Downloads.

IV. Please send email to cert@cert.org with "TA08-150A Feedback VU#566875" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2008 by US-CERT, a government organization.

<http://www.us-cert.gov/legal.html>

Revision History

May 29 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx 403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ== =QvSr -----END PGP SIGNATURE----- . ----------------------------------------------------------------------

Secunia Network Software Inspector 2.0 (NSI) - Public Beta

The Public Beta has ended. Thanks to all that participated.

1) An error in AFP server allows connected users or guests to access files and directories that are not within a shared directory.

2) Some vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks or to cause a DoS (Denial of Service). TextEdit).

4) Multiple unspecified errors exist in the processing of Pixlet video files.

5) An unspecified error exists in Apple Type Services when processing embedded fonts in PDF files. This can be exploited to cause a memory corruption when a PDF file containing a specially crafted embedded font is printed.

Successful exploitation may allow execution of arbitrary code.

6) An error in Safari's SSL client certificate handling can lead to an information disclosure of the first client certificate found in the keychain when a web server issues a client certificate request.

7) An integer overflow exists in CoreFoundation when handling CFData objects. This can be exploited to cause a heap-based buffer overflow if an application calls "CFDataReplaceBytes" with an invalid "length" argument.

8) An error due to an uninitialised variable in CoreGraphics can potentially be exploited to execute arbitrary code when a specially crafted PDF is opened.

9) A weakness is caused due to users not being warned before opening certain potentially unsafe content types.

10) An error when printing to password-protected printers with debug logging enabled may lead to the disclosure of sensitive information.

11) Some vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system.

Successful exploitation may allow execution of arbitrary code.

13) A conversion error exists in ICU when handling certain character encodings.

14) Input passed to unspecified parameters in Image Capture's embedded web server is not properly sanitised before being used. This can be exploited to disclose the content of local files via directory traversal attacks.

15) An error in the handling of temporary files in Image Capture can be exploited by malicious, local users to manipulate files with the privilege of a user running Image Capture.

17) Some vulnerabilities in ImageIO can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerabilities are caused due to the use of vulnerable libpng code.

For more information: SA27093 SA27130

18) An integer overflow error in ImageIO within the processing of JPEG2000 images can be exploited to cause a heap-based buffer overflow when a specially crafted JPEG2000 image is viewed.

Successful exploitation of this vulnerability may allow execution of arbitrary code.

19) An error in Mail is caused due to an uninitialised variable and can lead to disclosure of sensitive information and potentially execution of arbitrary code when mail is sent through an SMTP server over IPv6.

For more information: SA28323

21) The sso_util command-line tool requires that passwords be passed to it in its arguments, which can be exploited by malicious, local users to disclose the passwords.

22) An error in Wiki Server can be exploited to determine valid local user names when nonexistent blogs are accessed.

ORIGINAL ADVISORY: http://support.apple.com/kb/HT1897

OTHER REFERENCES: SA18008: http://secunia.com/advisories/18008/

SA18307: http://secunia.com/advisories/18307/

SA26273: http://secunia.com/advisories/26273/

SA26636: http://secunia.com/advisories/26636/

SA27093: http://secunia.com/advisories/27093/

SA27130: http://secunia.com/advisories/27130/

SA28081: http://secunia.com/advisories/28081/

SA28083: http://secunia.com/advisories/28083/

SA28323: http://secunia.com/advisories/28323/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

The vulnerabilities are reported in Safari for Windows prior to version 3.1.2.

SOLUTION: Update to version 3.1.2. http://www.apple.com/support/downloads/safari312forwindows.html

PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Gynvael Coldwind, Hispasec 2) Will Dormann, CERT/CC 3) James Urquhart

CHANGELOG: 2008-06-20: Added link to US-CERT

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200805-0573",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.11"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.11"
      },
      {
        "model": "mac os x server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.3"
      },
      {
        "model": "mac os x server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.3"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#127185"
      },
      {
        "db": "CERT/CC",
        "id": "VU#566875"
      },
      {
        "db": "BID",
        "id": "29412"
      },
      {
        "db": "BID",
        "id": "29513"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001409"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-011"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1573"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:safari",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001409"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Melissa O\u0027NeillPaul HaddadRodrigo CarvalhoGynvael Coldwind",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-011"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-1573",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2008-1573",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2008-1573",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-31698",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-1573",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#127185",
            "trust": 0.8,
            "value": "8.10"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#566875",
            "trust": 0.8,
            "value": "8.68"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-1573",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200806-011",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-31698",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#127185"
      },
      {
        "db": "CERT/CC",
        "id": "VU#566875"
      },
      {
        "db": "VULHUB",
        "id": "VHN-31698"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001409"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-011"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1573"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read. Apple Safari automatically executes downloaded files based on Internet Explorer zone settings, which can allow a remote attacker to execute arbitrary code on a vulnerable system. \nThe security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. Apple Mac OS X is prone to an information-disclosure vulnerability that occurs in ImageIO. \nAn attacker can exploit this issue to obtain sensitive information that may lead to further attacks. \nThis issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2. \nNOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability. \n\nI. Further\n   details are available in the US-CERT Vulnerability Notes Database. \n\nII. \n\nIII.  These  and other updates are available via Software Update or\n   via Apple Downloads. \n\nIV. Please send\n  email to \u003ccert@cert.org\u003e with \"TA08-150A Feedback VU#566875\" in the\n  subject. \n _________________________________________________________________\n\n  For instructions on subscribing to or unsubscribing from this\n  mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n _________________________________________________________________\n\n  Produced 2008 by US-CERT, a government organization. \n\n  Terms of use:\n\n    \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n   Revision History\n\n   May 29 2008: Initial release\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo\nYvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx\n403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN\nRjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom\nvmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI\nDcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==\n=QvSr\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia Network Software Inspector 2.0 (NSI) - Public Beta\n\nThe Public Beta has ended. Thanks to all that participated. \n\n1) An error in AFP server allows connected users or guests to access\nfiles and directories that are not within a shared directory. \n\n2) Some vulnerabilities in Apache can be exploited by malicious\npeople to conduct cross-site scripting attacks or to cause a DoS\n(Denial of Service). TextEdit). \n\n4) Multiple unspecified errors exist in the processing of Pixlet\nvideo files. \n\n5) An unspecified error exists in Apple Type Services when processing\nembedded fonts in PDF files. This can be exploited to cause a memory\ncorruption when a PDF file containing a specially crafted embedded\nfont is printed. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n6) An error in Safari\u0027s SSL client certificate handling can lead to\nan information disclosure of the first client certificate found in\nthe keychain when a web server issues a client certificate request. \n\n7) An integer overflow exists in CoreFoundation when handling CFData\nobjects. This can be exploited to cause a heap-based buffer overflow\nif an application calls \"CFDataReplaceBytes\" with an invalid \"length\"\nargument. \n\n8) An error due to an uninitialised variable in CoreGraphics can\npotentially be exploited to execute arbitrary code when a specially\ncrafted PDF is opened. \n\n9) A weakness is caused due to users not being warned before opening\ncertain potentially unsafe content types. \n\n10) An error when printing to password-protected printers with debug\nlogging enabled may lead to the disclosure of sensitive information. \n\n11) Some vulnerabilities in Adobe Flash Player can be exploited by\nmalicious people to bypass certain security restrictions, conduct\ncross-site scripting attacks, or to potentially compromise a user\u0027s\nsystem. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n13) A conversion error exists in ICU when handling certain character\nencodings. \n\n14) Input passed to unspecified parameters in Image Capture\u0027s\nembedded web server is not properly sanitised before being used. This\ncan be exploited to disclose the content of local files via directory\ntraversal attacks. \n\n15) An error in the handling of temporary files in Image Capture can\nbe exploited by malicious, local users to manipulate files with the\nprivilege of a user running Image Capture. \n\n17) Some vulnerabilities in ImageIO can be exploited by malicious\npeople to cause a DoS (Denial of Service). \n\nThe vulnerabilities are caused due to the use of vulnerable libpng\ncode. \n\nFor more information:\nSA27093\nSA27130\n\n18) An integer overflow error in ImageIO within the processing of\nJPEG2000 images can be exploited to cause a heap-based buffer\noverflow when a specially crafted JPEG2000 image is viewed. \n\nSuccessful exploitation of this vulnerability may allow execution of\narbitrary code. \n\n19) An error in Mail is caused due to an uninitialised variable and\ncan lead to disclosure of sensitive information and potentially\nexecution of arbitrary code when mail is sent through an SMTP server\nover IPv6. \n\nFor more information:\nSA28323\n\n21) The sso_util command-line tool requires that passwords be passed\nto it in its arguments, which can be exploited by malicious, local\nusers to disclose the passwords. \n\n22) An error in Wiki Server can be exploited to determine valid local\nuser names when nonexistent blogs are accessed. \n\nORIGINAL ADVISORY:\nhttp://support.apple.com/kb/HT1897\n\nOTHER REFERENCES:\nSA18008:\nhttp://secunia.com/advisories/18008/\n\nSA18307:\nhttp://secunia.com/advisories/18307/\n\nSA26273:\nhttp://secunia.com/advisories/26273/\n\nSA26636:\nhttp://secunia.com/advisories/26636/\n\nSA27093:\nhttp://secunia.com/advisories/27093/\n\nSA27130:\nhttp://secunia.com/advisories/27130/\n\nSA28081:\nhttp://secunia.com/advisories/28081/\n\nSA28083:\nhttp://secunia.com/advisories/28083/\n\nSA28323:\nhttp://secunia.com/advisories/28323/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nThe vulnerabilities are reported in Safari for Windows prior to\nversion 3.1.2. \n\nSOLUTION:\nUpdate to version 3.1.2. \nhttp://www.apple.com/support/downloads/safari312forwindows.html\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) Gynvael Coldwind, Hispasec\n2) Will Dormann, CERT/CC\n3) James Urquhart\n\nCHANGELOG:\n2008-06-20: Added link to US-CERT",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-1573"
      },
      {
        "db": "CERT/CC",
        "id": "VU#127185"
      },
      {
        "db": "CERT/CC",
        "id": "VU#566875"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001409"
      },
      {
        "db": "BID",
        "id": "29412"
      },
      {
        "db": "BID",
        "id": "29513"
      },
      {
        "db": "VULHUB",
        "id": "VHN-31698"
      },
      {
        "db": "PACKETSTORM",
        "id": "66818"
      },
      {
        "db": "PACKETSTORM",
        "id": "66804"
      },
      {
        "db": "PACKETSTORM",
        "id": "67541"
      }
    ],
    "trust": 3.96
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "29412",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "29513",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1573",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA08-150A",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "30430",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1020144",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "30775",
        "trust": 1.9
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-1882",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-1697",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "42721",
        "trust": 1.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#566875",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#127185",
        "trust": 0.9
      },
      {
        "db": "USCERT",
        "id": "SA08-150A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001409",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-011",
        "trust": 0.7
      },
      {
        "db": "CERT/CC",
        "id": "TA08-150A",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2008-06-19",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2008-05-28",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-31698",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "66818",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "66804",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "67541",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#127185"
      },
      {
        "db": "CERT/CC",
        "id": "VU#566875"
      },
      {
        "db": "VULHUB",
        "id": "VHN-31698"
      },
      {
        "db": "BID",
        "id": "29412"
      },
      {
        "db": "BID",
        "id": "29513"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001409"
      },
      {
        "db": "PACKETSTORM",
        "id": "66818"
      },
      {
        "db": "PACKETSTORM",
        "id": "66804"
      },
      {
        "db": "PACKETSTORM",
        "id": "67541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-011"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1573"
      }
    ]
  },
  "id": "VAR-200805-0573",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31698"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:46:26.283000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Safari 3.1.2",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT2092"
      },
      {
        "title": "Mac OS X 10.5.3",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT1897"
      },
      {
        "title": "Mac OS X 10.5.3",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT1897?viewlocale=ja_JP"
      },
      {
        "title": "Safari 3.1.2",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT2092?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001409"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31698"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001409"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1573"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/29412"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/29513"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta08-150a.html"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/30430"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2008//may/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2008//jun/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1020144"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/30775"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2008/1697"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/42721"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/1697"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/1882/references"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42721"
      },
      {
        "trust": 0.9,
        "url": "http://support.apple.com/kb/ht2092"
      },
      {
        "trust": 0.8,
        "url": "http://msdn.microsoft.com/en-us/library/ms537183.aspx"
      },
      {
        "trust": 0.8,
        "url": "about vulnerability notes"
      },
      {
        "trust": 0.8,
        "url": "contact us about this vulnerability"
      },
      {
        "trust": 0.8,
        "url": "provide a vendor statement"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1573"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta08-150a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta08-150a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1573"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/alerts/2008/may/1020144.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa08-150a.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/1882/references"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/566875"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1338?viewlocale=en_us\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1897\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=apple_security_update_2008_003\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta08-150a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26273/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosxserver1053update.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/18307/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27093/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosxserver1053comboupdate.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2008003ppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1897"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx1053update.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2008003serverppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2008003serveruniversal.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27130/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/30430/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector_2/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26636/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28083/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2008003intel.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx1053comboupdate.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28081/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/18008/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/96/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28323/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/30775/"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/127185"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/safari312forwindows.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/about_secunia/64/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/17978/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#127185"
      },
      {
        "db": "CERT/CC",
        "id": "VU#566875"
      },
      {
        "db": "VULHUB",
        "id": "VHN-31698"
      },
      {
        "db": "BID",
        "id": "29412"
      },
      {
        "db": "BID",
        "id": "29513"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001409"
      },
      {
        "db": "PACKETSTORM",
        "id": "66818"
      },
      {
        "db": "PACKETSTORM",
        "id": "66804"
      },
      {
        "db": "PACKETSTORM",
        "id": "67541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-011"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1573"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#127185"
      },
      {
        "db": "CERT/CC",
        "id": "VU#566875"
      },
      {
        "db": "VULHUB",
        "id": "VHN-31698"
      },
      {
        "db": "BID",
        "id": "29412"
      },
      {
        "db": "BID",
        "id": "29513"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001409"
      },
      {
        "db": "PACKETSTORM",
        "id": "66818"
      },
      {
        "db": "PACKETSTORM",
        "id": "66804"
      },
      {
        "db": "PACKETSTORM",
        "id": "67541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-011"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1573"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-06-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#127185"
      },
      {
        "date": "2008-05-29T00:00:00",
        "db": "CERT/CC",
        "id": "VU#566875"
      },
      {
        "date": "2008-06-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-31698"
      },
      {
        "date": "2008-05-28T00:00:00",
        "db": "BID",
        "id": "29412"
      },
      {
        "date": "2008-05-28T00:00:00",
        "db": "BID",
        "id": "29513"
      },
      {
        "date": "2008-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001409"
      },
      {
        "date": "2008-05-29T23:21:11",
        "db": "PACKETSTORM",
        "id": "66818"
      },
      {
        "date": "2008-05-29T23:19:06",
        "db": "PACKETSTORM",
        "id": "66804"
      },
      {
        "date": "2008-06-21T01:11:07",
        "db": "PACKETSTORM",
        "id": "67541"
      },
      {
        "date": "2008-05-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200806-011"
      },
      {
        "date": "2008-06-02T21:30:00",
        "db": "NVD",
        "id": "CVE-2008-1573"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-06-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#127185"
      },
      {
        "date": "2008-05-29T00:00:00",
        "db": "CERT/CC",
        "id": "VU#566875"
      },
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-31698"
      },
      {
        "date": "2008-06-04T00:23:00",
        "db": "BID",
        "id": "29412"
      },
      {
        "date": "2008-06-20T20:52:00",
        "db": "BID",
        "id": "29513"
      },
      {
        "date": "2008-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001409"
      },
      {
        "date": "2021-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200806-011"
      },
      {
        "date": "2024-11-21T00:44:50.450000",
        "db": "NVD",
        "id": "CVE-2008-1573"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "29412"
      },
      {
        "db": "BID",
        "id": "29513"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari automatically executes downloaded files based on Internet Explorer zone settings",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#127185"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-011"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-1573 (GCVE-0-2008-1573)

Vulnerability from cvelistv5

gsd-2008-1573

Vulnerability from gsd

ghsa-j8r3-8vrj-j6x6

Vulnerability from github

CERTA-2008-AVI-331

Vulnerability from certfr_avis

Description

Solution

CERTA-2008-AVI-278

Vulnerability from certfr_avis

Description

Solution

fkie_cve-2008-1573

Vulnerability from fkie_nvd

var-200805-0573

Vulnerability from variot

Tags

Sightings

Nomenclature