Lucene search
RootSSV:3323HistoryMay 23, 2008 - 12:00 a.m.
Apple iCal COUNT参数整数溢出漏洞
2008-05-2300:00:00
Root
www.seebug.org
27
EPSS
0.081
Percentile
94.3%
BUGTRAQ ID: 28629
CVE(CAN) ID: CVE-2008-2006
iCal是Mac OS X操作系统中所捆绑的个人日历程序。
iCal在处理畸形格式的ICS文件时存在漏洞,可能导致应用程序处理时崩溃。
iCal没有正确的过滤整数输入,如果用户受骗打开的.ics文件包含有以下行的话:
/-----------
RRULE:FREQ=DAILY;INTERVAL=1;COUNT=2147483646
- -----------/
COUNT值就会触发整数溢出,导致iCal在导入.ics文件后试图使用该值时出现空指针引用,应用程序会崩溃。
Apple iCal 3.0.1
Apple
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
<a href=“http://www.apple.com” target=“_blank”>http://www.apple.com</a>
http://www.coresecurity.com/?action=item&id=2219
Related
cvelist
cvelist
CVE-2008-2006
2008-05-22 10:00:00
exploitdb
exploitdb
Apple iCal 3.0.1 - 'COUNT' Integer Overflow
2008-04-21 00:00:00
Apple iCal 3.0.1 - 'TRIGGER' Denial of Service
2008-04-21 00:00:00
seebug
seebug
Apple iCal TRIGGER参数拒绝服务漏洞
2008-05-23 00:00:00
nvd
nvd
CVE-2008-2006
2008-05-22 13:09:00
prion
prion
Null pointer dereference
2008-05-22 13:09:00
cve
cve
CVE-2008-2006
2008-05-22 13:09:00
securityvulns
securityvulns
Apple iCAL multiple security vulnerabilities
2008-05-22 00:00:00
CORE-2008-0126: Multiple vulnerabilities in iCal
2008-05-22 00:00:00
coresecurity
coresecurity
Multiple Vulnerabilities in iCal
2008-05-21 00:00:00
packetstorm
packetstorm
Core Security Technologies Advisory 2008.0126
2008-05-22 00:00:00