CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities Published In 2008 (Memory Corruption)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-4231 399 DoS Exec Code Mem. Corr. 2008-11-25 2009-06-13
9.3
None Remote Medium Not required Complete Complete Complete
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
2 CVE-2008-4221 399 DoS Exec Code Mem. Corr. 2008-12-16 2009-08-20
10.0
Admin Remote Low Not required Complete Complete Complete
The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation.
3 CVE-2008-3626 119 DoS Exec Code Overflow Mem. Corr. 2008-09-10 2013-11-02
6.8
None Remote Medium Not required Partial Partial Partial
The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
4 CVE-2008-3621 399 DoS Exec Code Mem. Corr. 2008-09-16 2008-11-15
9.3
None Remote Medium Not required Complete Complete Complete
VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.
5 CVE-2008-3608 399 DoS Exec Code Mem. Corr. 2008-09-16 2012-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile.
6 CVE-2008-2332 399 DoS Exec Code Mem. Corr. 2008-09-16 2012-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image.
7 CVE-2008-2325 399 DoS Exec Code Mem. Corr. 2008-08-03 2008-09-10
9.3
None Remote Medium Not required Complete Complete Complete
QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking."
8 CVE-2008-2321 399 DoS Exec Code Mem. Corr. 2008-08-03 2009-06-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments."
9 CVE-2008-2308 264 DoS +Priv Mem. Corr. 2008-07-01 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information.
10 CVE-2008-2307 399 DoS Exec Code Mem. Corr. 2008-06-23 2011-03-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.
11 CVE-2008-1739 399 DoS Exec Code Mem. Corr. 2008-09-03 2008-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption.
12 CVE-2008-1582 399 DoS Exec Code Mem. Corr. 2008-06-10 2008-09-10
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption.
13 CVE-2008-1577 DoS Exec Code Mem. Corr. 2008-06-02 2011-03-25
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues."
14 CVE-2008-1575 399 Exec Code Mem. Corr. 2008-06-02 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing.
15 CVE-2008-1035 94 Exec Code Mem. Corr. 2008-06-03 2009-04-08
4.3
None Remote Medium Not required None None Partial
Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug. NOTE: CVE-2008-2007 was originally used for this issue, but this is the appropriate identifier.
16 CVE-2008-1024 399 DoS Exec Code Mem. Corr. 2008-04-17 2009-03-18
6.8
User Remote Medium Not required Partial Partial Partial
Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption.
17 CVE-2008-1016 94 Exec Code Mem. Corr. 2008-04-04 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption.
18 CVE-2008-0040 399 DoS Exec Code Mem. Corr. 2008-02-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption.
19 CVE-2008-0035 399 DoS Exec Code Mem. Corr. 2008-01-15 2011-05-13
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.
20 CVE-2008-0033 399 DoS Exec Code Mem. Corr. 2008-01-15 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.
21 CVE-2008-0031 399 DoS Exec Code Mem. Corr. 2008-01-15 2011-09-20
5.8
None Remote Medium Not required None Partial Partial
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.
Total number of vulnerabilities : 21   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.