CVE-2008-1035
CVE-2008-1035
Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug. NOTE: CVE-2008-2007 was originally used for this issue, but this is the appropriate identifier.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/31620unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.apple.com/archives/security-announce/2008//May/msg00001.htmlhttp://secunia.com/advisories/30430http://www.coresecurity.com/?action=item&id=2219http://www.securityfocus.com/archive/1/492414/100/0/threadedhttp://www.securityfocus.com/archive/1/492638/100/100/threadedhttp://www.securityfocus.com/archive/1/492682/100/0/threadedhttp://www.securityfocus.com/bid/28633http://www.securityfocus.com/bid/29412http://www.securityfocus.com/bid/29486http://www.securitytracker.com/id?1020095http://www.us-cert.gov/cas/techalerts/TA08-150A.htmlhttp://www.vupen.com/english/advisories/2008/1601