CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X : Security Vulnerabilities Published In 2008 (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-4234 264 Exec Code 2008-12-16 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message.
2 CVE-2008-4221 399 DoS Exec Code Mem. Corr. 2008-12-16 2009-08-20
10.0
Admin Remote Low Not required Complete Complete Complete
The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation.
3 CVE-2008-4220 189 DoS Exec Code Overflow 2008-12-16 2009-08-20
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure.
4 CVE-2008-4217 189 Exec Code Overflow 2008-12-16 2009-02-06
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.
5 CVE-2008-4211 189 DoS Exec Code 2008-10-10 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
6 CVE-2008-3647 119 DoS Exec Code Overflow 2008-10-10 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment.
7 CVE-2008-3645 119 Exec Code Overflow 2008-10-10 2017-08-07
7.2
Admin Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors.
8 CVE-2008-3642 119 DoS Exec Code Overflow 2008-10-10 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile.
9 CVE-2008-3637 94 Exec Code 2008-09-26 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."
10 CVE-2008-3621 399 DoS Exec Code Mem. Corr. 2008-09-16 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.
11 CVE-2008-3616 189 DoS Exec Code Overflow 2008-09-16 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions.
12 CVE-2008-3608 399 DoS Exec Code Mem. Corr. 2008-09-16 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile.
13 CVE-2008-3438 94 Exec Code 2008-08-01 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
14 CVE-2008-2332 399 DoS Exec Code Mem. Corr. 2008-09-16 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image.
15 CVE-2008-2311 362 Exec Code 2008-07-01 2017-08-07
7.6
Admin Remote High Not required Complete Complete Complete
Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.
16 CVE-2008-2310 134 DoS Exec Code 2008-07-01 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code.
17 CVE-2008-2309 264 Exec Code 2008-07-01 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
18 CVE-2008-2305 119 Exec Code Overflow 2008-09-16 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."
19 CVE-2008-1577 DoS Exec Code Mem. Corr. 2008-06-02 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues."
20 CVE-2008-1576 399 DoS Exec Code +Info 2008-06-02 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message.
21 CVE-2008-1575 399 Exec Code Mem. Corr. 2008-06-02 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing.
22 CVE-2008-1574 119 DoS Exec Code Overflow 2008-06-02 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow.
23 CVE-2008-1034 189 DoS Exec Code Overflow 2008-06-02 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow.
24 CVE-2008-1032 Exec Code 2008-06-02 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
25 CVE-2008-1031 119 DoS Exec Code Overflow 2008-06-02 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable.
26 CVE-2008-1030 20 DoS Exec Code Overflow 2008-06-02 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow.
27 CVE-2008-1028 20 DoS Exec Code 2008-06-02 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit.
28 CVE-2008-0998 264 Exec Code Bypass 2008-03-18 2017-08-07
6.9
Admin Local Medium Not required Complete Complete Complete
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.
29 CVE-2008-0997 119 DoS Exec Code Overflow 2008-03-18 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer.
30 CVE-2008-0992 119 Exec Code Overflow 2008-03-18 2017-08-07
5.8
None Remote Medium Not required None Partial Partial
Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.
31 CVE-2008-0989 134 Exec Code 2008-03-18 2017-08-07
6.9
Admin Local Medium Not required Complete Complete Complete
Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.
32 CVE-2008-0226 119 Exec Code Overflow 2008-01-10 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
33 CVE-2008-0059 362 Exec Code 2008-03-18 2017-08-07
5.8
None Remote Medium Not required None Partial Partial
Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic."
34 CVE-2008-0058 362 Exec Code 2008-03-18 2017-08-07
5.8
None Remote Medium Not required None Partial Partial
Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.
35 CVE-2008-0057 189 Exec Code Overflow 2008-03-18 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list.
36 CVE-2008-0056 119 Exec Code Overflow 2008-03-18 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager.
37 CVE-2008-0054 20 Exec Code 2008-03-18 2017-08-07
6.4
None Remote Low Not required None Partial Partial
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.
38 CVE-2008-0051 189 Exec Code Overflow 2008-03-18 2017-08-07
6.9
Admin Local Medium Not required Complete Complete Complete
Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data.
39 CVE-2008-0049 264 Exec Code 2008-03-18 2017-08-07
1.9
None Local Medium Not required None Partial None
AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications.
40 CVE-2008-0048 119 Exec Code Overflow 2008-03-18 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API.
41 CVE-2008-0044 119 DoS Exec Code Overflow 2008-03-18 2017-08-07
5.8
None Remote Medium Not required None Partial Partial
Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL.
42 CVE-2008-0042 94 Exec Code 2008-02-12 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes.
43 CVE-2008-0040 399 DoS Exec Code Mem. Corr. 2008-02-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption.
Total number of vulnerabilities : 43   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.