Lucene search

[email protected]NVD:CVE-2009-2204

HistoryAug 03, 2009 - 6:30 p.m.

CVE-2009-2204

2009-08-0318:30:00

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.21 Low

EPSS

Percentile

96.4%

JSON

Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.

Affected configurations

NVD

Node

appleiphone_osRange≤3.0

appleiphone_osMatch1.0

appleiphone_osMatch1.0.0

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.2

appleiphone_osMatch1.1

appleiphone_osMatch1.1.0

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.2

appleiphone_osMatch1.1.3

appleiphone_osMatch1.1.4

appleiphone_osMatch1.1.5

appleiphone_osMatch2.0

appleiphone_osMatch2.0.0

appleiphone_osMatch2.0.1

appleiphone_osMatch2.0.2

appleiphone_osMatch2.1

References

lists.apple.com/archives/security-announce/2009/Jul/msg00001.html

news.cnet.com/8301-1009_3-10278472-83.html

secunia.com/advisories/36070

securitytracker.com/id?1022626

support.apple.com/kb/HT3754

www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf

www.osvdb.org/55687

www.securityfocus.com/bid/35569

www.syscan.org/Sg/program.html

www.vupen.com/english/advisories/2009/2105

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.21 Low

EPSS

Percentile

96.4%

JSON

Related for NVD:CVE-2009-2204

prion1 cvelist1 cve2 seebug1 nvd1