CVE-2008-2317
Apple Safari StyleSheet ownerNode Heap Corruption Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590.
WebCore en Safari de Apple no realiza apropiadamente garbage collection de elementos de documentos JavaScript, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de pila y bloqueo de aplicación) por medio de una referencia a la propiedad ownerNode de un objeto CSSStyleSheet copiado de un elemento STYLE, tal y como es demostrado originalmente en el iPhone anterior a la versión 2.0 y en el iPod touch anterior a la versión 2.0, de Apple, una vulnerabilidad diferente de CVE-2008-1590.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaw exists in the garbage collection of JavaScript document elements in WebCore. When a CSSStyleSheet object of a style element is copied, and the style element is deallocated, a reference to the ownerNode property of the copied CSSStyleSheet object will result in a heap corruption allowing for the execution of arbitrary code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-05-18 CVE Reserved
- 2008-07-14 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/32706 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/494777/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/30186 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-08-045 | X_refsource_misc |
|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43737 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html | 2022-08-09 | |
| http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html | 2022-08-09 | |
| http://secunia.com/advisories/31074 | 2022-08-09 | |
| http://support.apple.com/kb/HT3298 | 2022-08-09 | |
| http://www.vupen.com/english/advisories/2008/2094/references | 2022-08-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | * | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Search vendor "Apple" for product "Iphone" | 1.0 Search vendor "Apple" for product "Iphone" and version "1.0" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | * | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Search vendor "Apple" for product "Iphone" | 1.1 Search vendor "Apple" for product "Iphone" and version "1.1" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | * | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Search vendor "Apple" for product "Iphone" | 1.1.3 Search vendor "Apple" for product "Iphone" and version "1.1.3" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | * | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | <= 1.1.4 Search vendor "Apple" for product "Ipod Touch" and version " <= 1.1.4" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | * | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | 1.1 Search vendor "Apple" for product "Ipod Touch" and version "1.1" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | * | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | 1.1.1 Search vendor "Apple" for product "Ipod Touch" and version "1.1.1" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | * | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | 1.1.2 Search vendor "Apple" for product "Ipod Touch" and version "1.1.2" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | * | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | 1.1.3 Search vendor "Apple" for product "Ipod Touch" and version "1.1.3" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | * | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | <= 1.1.4 Search vendor "Apple" for product "Iphone Os" and version " <= 1.1.4" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | * | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.0.1 Search vendor "Apple" for product "Iphone Os" and version "1.0.1" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | * | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.0.2 Search vendor "Apple" for product "Iphone Os" and version "1.0.2" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | * | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.1.1 Search vendor "Apple" for product "Iphone Os" and version "1.1.1" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | * | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.1.2 Search vendor "Apple" for product "Iphone Os" and version "1.1.2" | - |
Safe
|