Vulnerability CVE-2008-0987


Published: 2008-03-18   Modified: 2011-08-04

Description:
Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Apple
Product: Iphoto 
Version: 7.1.2;
Product: Aperture 
Version: 2;

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.us-cert.gov/cas/techalerts/TA08-079A.html
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://xforce.iss.net/xforce/xfdb/41294
http://www.vupen.com/english/advisories/2008/0957/references
http://www.vupen.com/english/advisories/2008/0924/references
http://www.securitytracker.com/id?1019684
http://www.securitytracker.com/id?1019683
http://www.securitytracker.com/id?1019659
http://www.securityfocus.com/bid/28363
http://www.securityfocus.com/bid/28304
http://support.apple.com/kb/HT1232
http://secunia.com/advisories/29469
http://secunia.com/advisories/29420
http://lists.apple.com/archives/security-announce/2008/Mar/msg00003.html
http://docs.info.apple.com/article.html?artnum=307562

Related CVE
CVE-2017-2506
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory c...
CVE-2017-2502
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreAudio" component. It allows attackers to...
CVE-2017-2504
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) ...
CVE-2017-2496
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory c...
CVE-2011-3438
WebKit, as used in Safari 5.0.6, allows remote attackers to cause a denial of service (process crash) or arbitrary code execution.
CVE-2011-3428
Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code.
CVE-2010-1776
Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe account to wipe the de...
CVE-2016-4650
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Copyright 2017, cxsecurity.com