CVE-2008-2006

Apple iCal 3.0.1 - 'TRIGGER' Denial of Service

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line.

Apple iCal versión 3.0.1 en Mac OS X, permite a los servidores remotos CalDAV y los atacantes remotos asistidos por el usuario causar una denegación de servicio (desreferencia del puntero NULL y bloqueo de aplicación) o posiblemente ejecutar código arbitrario por medio de un archivo .ics que contiene (1) un entero grande de 16 bits en una línea TRIGGER, o (2) un entero grande en un campo COUNT en una línea RRULE.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-04-21 First Exploit
2008-04-28 CVE Reserved
2008-05-22 CVE Published
2024-05-28 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (12)

URL	Tag	Source
http://securityreason.com/securityalert/3901	Third Party Advisory
http://www.securityfocus.com/archive/1/492414/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/492638/100/100/threaded	Mailing List
http://www.securityfocus.com/archive/1/492682/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/28629	Vdb Entry
http://www.securitytracker.com/id?1020094	Vdb Entry
http://www.vupen.com/english/advisories/2008/1601	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/42569	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/31619	2008-04-21
https://www.exploit-db.com/exploits/31613	2008-04-21
http://www.coresecurity.com/?action=item&id=2219	2024-08-07
http://www.securityfocus.com/bid/28632	2024-08-07

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apple Search vendor "Apple"	Ical Search vendor "Apple" for product "Ical"	3.0.1 Search vendor "Apple" for product "Ical" and version "3.0.1"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	10.5.1 Search vendor "Apple" for product "Mac Os X" and version "10.5.1"	-	Safe