Lucene search

[email protected]CVE-2009-2204

HistoryAug 03, 2009 - 6:30 p.m.

CVE-2009-2204

2009-08-0318:30:00

[email protected]

web.nvd.nist.gov

vulnerability

coretelephony

apple

iphone os

remote attackers

arbitrary code

gps

microphone

sms

memory corruption

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.21 Low

EPSS

Percentile

96.4%

JSON

Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.

Affected configurations

NVD

Node

appleiphone_osRange≤3.0

appleiphone_osMatch1.0

appleiphone_osMatch1.0.0

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.2

appleiphone_osMatch1.1

appleiphone_osMatch1.1.0

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.2

appleiphone_osMatch1.1.3

appleiphone_osMatch1.1.4

appleiphone_osMatch1.1.5

appleiphone_osMatch2.0

appleiphone_osMatch2.0.0

appleiphone_osMatch2.0.1

appleiphone_osMatch2.0.2

appleiphone_osMatch2.1

CPENameOperatorVersion
apple:iphone_osapple iphone osle3.0
apple:iphone_osapple iphone oseq1.0
apple:iphone_osapple iphone oseq1.0.0
apple:iphone_osapple iphone oseq1.0.1
apple:iphone_osapple iphone oseq1.0.2
apple:iphone_osapple iphone oseq1.1
apple:iphone_osapple iphone oseq1.1.0
apple:iphone_osapple iphone oseq1.1.1
apple:iphone_osapple iphone oseq1.1.2
apple:iphone_osapple iphone oseq1.1.3

CPE	Name	Operator	Version
apple:iphone_os	apple iphone os	le	3.0
apple:iphone_os	apple iphone os	eq	1.0
apple:iphone_os	apple iphone os	eq	1.0.0
apple:iphone_os	apple iphone os	eq	1.0.1
apple:iphone_os	apple iphone os	eq	1.0.2
apple:iphone_os	apple iphone os	eq	1.1
apple:iphone_os	apple iphone os	eq	1.1.0
apple:iphone_os	apple iphone os	eq	1.1.1
apple:iphone_os	apple iphone os	eq	1.1.2
apple:iphone_os	apple iphone os	eq	1.1.3

Rows per page:

1-10 of 171

References

lists.apple.com/archives/security-announce/2009/Jul/msg00001.html

news.cnet.com/8301-1009_3-10278472-83.html

secunia.com/advisories/36070

securitytracker.com/id?1022626

support.apple.com/kb/HT3754

www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf

www.osvdb.org/55687

www.securityfocus.com/bid/35569

www.syscan.org/Sg/program.html

www.vupen.com/english/advisories/2009/2105

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.21 Low

EPSS

Percentile

96.4%

JSON

Related for CVE-2009-2204

prion1 cvelist1 nvd2 seebug1 cve1