CVE-2008-4211
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.3 High
AI Score
Confidence
High
0.035 Low
EPSS
Percentile
91.7%
Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to “handling of columns.”
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| apple:mac_os_x | apple mac os x | eq | 10.5.5 |
| apple:mac_os_x_server | apple mac os x server | eq | 10.5.5 |
References
lists.apple.com/archives/security-announce/2008/Nov/msg00002.html
lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
secunia.com/advisories/32222
secunia.com/advisories/32756
support.apple.com/kb/HT3216
support.apple.com/kb/HT3318
www.securityfocus.com/bid/31681
www.securityfocus.com/bid/31707
www.securitytracker.com/id?1021027
www.vupen.com/english/advisories/2008/2780
www.vupen.com/english/advisories/2008/3232
exchange.xforce.ibmcloud.com/vulnerabilities/45784
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.3 High
AI Score
Confidence
High
0.035 Low
EPSS
Percentile
91.7%