{ "id": "CVE-2008-1035", "sourceIdentifier": "cve@mitre.org", "published": "2008-06-03T20:32:00.000", "lastModified": "2018-10-11T20:29:08.193", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an \"ATTACH;VALUE=URI:S=osumi\" line in a .ics file, which triggers a \"resource liberation\" bug. NOTE: CVE-2008-2007 was originally used for this issue, but this is the appropriate identifier." }, { "lang": "es", "value": "Una vulnerabilidad de uso de la memoria previamente liberada en Apple iCal versi\u00f3n 3.0.1 en Mac OS X, permite a los servidores CalDAV remotos y atacantes remotos asistidos por el usuario activar una corrupci\u00f3n de memoria o posiblemente ejecutar un c\u00f3digo arbitrario mediante una l\u00ednea \"ATTACH;VALUE=URI:S=osumi\" en un archivo .ics, que desencadena un bug de \"resource liberation\". NOTA: CVE-2008-2007 fue usado originalmente para este problema, pero este es el identificador apropiado." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-94" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:apple:ical:3.0.1:*:os_x:*:*:*:*:*", "matchCriteriaId": "14F2AD70-926E-443A-8355-25A1F0F7C776" } ] } ] } ], "references": [ { "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html", "source": "cve@mitre.org" }, { "url": "http://www.coresecurity.com/?action=item&id=2219", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://www.securityfocus.com/archive/1/492414/100/0/threaded", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/archive/1/492638/100/100/threaded", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/archive/1/492682/100/0/threaded", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/28633", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/29412", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/29486", "source": "cve@mitre.org" }, { "url": "http://www.securitytracker.com/id?1020095", "source": "cve@mitre.org" }, { "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html", "source": "cve@mitre.org", "tags": [ "US Government Resource" ] }, { "url": "http://www.vupen.com/english/advisories/2008/1601", "source": "cve@mitre.org" }, { "url": "http://www.vupen.com/english/advisories/2008/1697", "source": "cve@mitre.org" } ] }