16 matches found
Apple iCal 3.0.1 - 'ATTACH' Parameter Denial Of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28633/info Apple iCal is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied input data. Successful exploits will crash the application. Given the nature of this issue, attacke...
Apple iCal 3.0.1 - 'COUNT' Parameter Integer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28629/info Apple iCal is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. An attacker can exploit this issue to execute arbitrary code within the context of the...
CVE-2008-1035
Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug. NOTE:...
CVE-2008-1035
Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug. NOTE:...
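Apple iCal ATTACH Parameter Denial-of-Service Vulnerability
BUGTRAQ ID: 28633 CVECAN ID: CVE-2008-2007 iCal is the personal calendar application bundled with the Mac OS X operating system. iCal has a vulnerability when processing malformed ICS files, which can cause the application to crash. If a user is tricked into opening an .ics file that contains the following line: /----------- ATTACH;VALUE=URI:S=osumi - -----------/ iCal performs an incorrect resource release when it tries to use the ATTACH value after importing the .ics file, causing the application to crash. Apple iCal 3.0.1 Apple -----...
Apple iCal COUNT Parameter Integer Overflow Vulnerability
BUGTRAQ ID: 28629 CVECAN ID: CVE-2008-2006 iCal is the personal calendar application bundled with the Mac OS X operating system. iCal has a vulnerability when processing malformed ICS files, which can cause the application to crash. iCal does not properly filter integer input. If a user is tricked into opening an .ics file that contains the following line: /----------- RRULE:FREQ=DAILY;INTERVAL=1;COUNT=2147483646 - -----------/ the COUNT value triggers an integer overflow, which leads to a NULL pointer dereference when iCal tries to use the value after importing the .ics file, and the application crashes. Apple iCal 3.0.1...
Apple iCal TRIGGER Parameter Denial-of-Service Vulnerability
BUGTRAQ ID: 28632 CVECAN ID: CVE-2008-2006 iCal is the personal calendar application bundled with the Mac OS X operating system. iCal has a vulnerability when processing malformed ICS files, which can cause the application to crash. If a user is tricked into opening an .ics file that contains the following line: /----------- TRIGGER:-PT65535H - -----------/ a NULL pointer dereference occurs when iCal tries to use the TRIGGER value after importing the .ics file, causing the application to crash. Apple iCal 3.0.1 Apple -----...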
CVE-2008-2006
Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer...
CVE-2008-2006
Summary of the CVE-2008-2006 family (Apple iCal): The iCal client on Mac OS X 10.5.x (notably 3.0.1; affected up to 10.5.2; PoCs mention 3.0.1/3.0.2) contains multiple input-validation bugs in ICS parsing. Root causes include (1) integer overflow/null-pointer dereference on a COUNT value in an R...
CVE-2008-2006
Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer...
Apple iCAL multiple security vulnerabilities
Multiple vulnerabilities on .ics files parsing...
Apple iCal 3.0.1 - TRIGGER Denial of Service
source: https://www.securityfocus.com/bid/28632/info Apple iCal is prone to a denial-of-service vulnerability because it fails to handle specially crafted files. An attacker can exploit this issue to crash the affected application, denying service to...
Apple iCal 3.0.1 - 'COUNT' Integer Overflow
source: https://www.securityfocus.com/bid/28629/info Apple iCal is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit...
Apple iCal 3.0.1 - 'ATTACH' Denial of Service
source: https://www.securityfocus.com/bid/28633/info Apple iCal is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied input data. Successful exploits will crash the application. Given the nature of this issue, attackers may also be able to run arbitra...
Apple iCal 3.0.1 - 'TRIGGER' Denial of Service
source: https://www.securityfocus.com/bid/28632/info Apple iCal is prone to a denial-of-service vulnerability because it fails to handle specially crafted files. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. This issue affects iCal 3.0....
Apple iCal 3.0.1 - ATTACH Denial of Service
source: https://www.securityfocus.com/bid/28633/info Apple iCal is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied input data. Successful exploits will crash the application. Given the nature of this issu...