Lucene search

[email protected]CVE-2008-2305

HistorySep 16, 2008 - 11:00 p.m.

CVE-2008-2305

2008-09-1623:00:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-2305

apple

mac os x

ats

buffer overflow

remote code execution

postscript font names

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.1%

JSON

Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to “PostScript font names.”

Affected configurations

NVD

Node

applemac_os_xMatch10.4.11

applemac_os_xMatch10.5

applemac_os_xMatch10.5.1

applemac_os_xMatch10.5.2

applemac_os_xMatch10.5.3

applemac_os_xMatch10.5.4

applemac_os_x_serverMatch10.4.11

applemac_os_x_serverMatch10.5

applemac_os_x_serverMatch10.5.1

applemac_os_x_serverMatch10.5.2

applemac_os_x_serverMatch10.5.3

applemac_os_x_serverMatch10.5.4

CPENameOperatorVersion
apple:mac_os_xapple mac os xeq10.4.11
apple:mac_os_xapple mac os xeq10.5
apple:mac_os_xapple mac os xeq10.5.1
apple:mac_os_xapple mac os xeq10.5.2
apple:mac_os_xapple mac os xeq10.5.3
apple:mac_os_xapple mac os xeq10.5.4
apple:mac_os_x_serverapple mac os x servereq10.4.11
apple:mac_os_x_serverapple mac os x servereq10.5
apple:mac_os_x_serverapple mac os x servereq10.5.1
apple:mac_os_x_serverapple mac os x servereq10.5.2

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	eq	10.4.11
apple:mac_os_x	apple mac os x	eq	10.5
apple:mac_os_x	apple mac os x	eq	10.5.1
apple:mac_os_x	apple mac os x	eq	10.5.2
apple:mac_os_x	apple mac os x	eq	10.5.3
apple:mac_os_x	apple mac os x	eq	10.5.4
apple:mac_os_x_server	apple mac os x server	eq	10.4.11
apple:mac_os_x_server	apple mac os x server	eq	10.5
apple:mac_os_x_server	apple mac os x server	eq	10.5.1
apple:mac_os_x_server	apple mac os x server	eq	10.5.2

Rows per page:

1-10 of 121

References

lists.apple.com/archives/security-announce//2008/Sep/msg00005.html

secunia.com/advisories/31882

securitytracker.com/id?1020873

www.securityfocus.com/bid/31189

www.us-cert.gov/cas/techalerts/TA08-260A.html

www.vupen.com/english/advisories/2008/2584

exchange.xforce.ibmcloud.com/vulnerabilities/45162

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.1%

JSON

Related for CVE-2008-2305

prion1 cvelist1 nvd1 openvas2 nessus2