Vulnerability Details : CVE-2008-3632
Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.
Vulnerability category: Memory Corruption, Execute code, Denial of service
Products affected by CVE-2008-3632
- cpe:2.3:h:apple:iphone:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:h:apple:iphone:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:h:apple:iphone:1.1:*:*:*:*:*:*:*
- cpe:2.3:h:apple:iphone:2.0:*:*:*:*:*:*:*
- cpe:2.3:h:apple:iphone:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:h:apple:iphone:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*
- cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3632
10.57%: probability of exploitation activity in the next 30 days
~93%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-3632
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2008-3632
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3632
- http://support.apple.com/kb/HT3026
  About the security content of iPod touch v2.1 - Apple Support (Patch; Vendor Advisory)
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
  (Patch; Vendor Advisory)
- http://secunia.com/advisories/31823
  About Secunia Research | Flexera (Vendor Advisory)
- http://support.apple.com/kb/HT3613
  About the security content of Safari 4.0 - Apple Support (Patch; Vendor Advisory)
- http://secunia.com/advisories/32860
- http://www.securityfocus.com/bid/31092
  (Patch)
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
  (Patch; Vendor Advisory)
- http://secunia.com/advisories/31900
  About Secunia Research | Flexera (Vendor Advisory)
- http://secunia.com/advisories/32099
  About Secunia Research | Flexera (Vendor Advisory)
- http://secunia.com/advisories/35379
  About Secunia Research | Flexera (Vendor Advisory)
- http://www.vupen.com/english/advisories/2008/2525
  Webmail: access your OVH emails on ovhcloud.com | OVHcloud (Vendor Advisory)
- http://support.apple.com/kb/HT3129
  About the security content of iPhone v2.1 - Apple Support (Patch; Vendor Advisory)
- http://www.vupen.com/english/advisories/2009/1522
  Webmail: access your OVH emails on ovhcloud.com | OVHcloud (Patch; Vendor Advisory)
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
  (Patch; Vendor Advisory)
- http://www.vupen.com/english/advisories/2008/2558
  Webmail: access your OVH emails on ovhcloud.com | OVHcloud (Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2008:019 - openSUSE Security Announce - openSUSE Mailing Lists
- http://www.securitytracker.com/id?1020847
- http://www.ubuntu.com/usn/USN-676-1