Vulnerability-Lookup

CVE-2008-2307 (GCVE-0-2008-2307)

Vulnerability from cvelistv5 – Published: 2008-06-23 20:00 – Updated: 2024-08-07 08:58

Summary

Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://support.apple.com/kb/HT2163	x_refsource_CONFIRM
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.vupen.com/english/advisories/2008/1981…	vdb-entryx_refsource_VUPEN
	http://support.apple.com/kb/HT2165	x_refsource_CONFIRM
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/30775	third-party-advisoryx_refsource_SECUNIA
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://secunia.com/advisories/30801	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1882…	vdb-entryx_refsource_VUPEN
	http://support.apple.com/kb/HT2092	x_refsource_CONFIRM
	http://secunia.com/advisories/30992	third-party-advisoryx_refsource_SECUNIA
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.kb.cert.org/vuls/id/361043	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/29836	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2008/2094…	vdb-entryx_refsource_VUPEN
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.securitytracker.com/id?1020330	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/31074	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1980	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:58:02.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT2163"
          },
          {
            "name": "FEDORA-2008-6220",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00319.html"
          },
          {
            "name": "ADV-2008-1981",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1981/references"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT2165"
          },
          {
            "name": "FEDORA-2008-6186",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00279.html"
          },
          {
            "name": "30775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30775"
          },
          {
            "name": "APPLE-SA-2008-06-30",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00003.html"
          },
          {
            "name": "30801",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30801"
          },
          {
            "name": "ADV-2008-1882",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1882/references"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT2092"
          },
          {
            "name": "30992",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30992"
          },
          {
            "name": "APPLE-SA-2008-07-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
          },
          {
            "name": "VU#361043",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/361043"
          },
          {
            "name": "29836",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29836"
          },
          {
            "name": "ADV-2008-2094",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2094/references"
          },
          {
            "name": "APPLE-SA-2008-06-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html"
          },
          {
            "name": "1020330",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020330"
          },
          {
            "name": "31074",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31074"
          },
          {
            "name": "ADV-2008-1980",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1980"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-07-08T09:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT2163"
        },
        {
          "name": "FEDORA-2008-6220",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00319.html"
        },
        {
          "name": "ADV-2008-1981",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1981/references"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT2165"
        },
        {
          "name": "FEDORA-2008-6186",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00279.html"
        },
        {
          "name": "30775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30775"
        },
        {
          "name": "APPLE-SA-2008-06-30",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00003.html"
        },
        {
          "name": "30801",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30801"
        },
        {
          "name": "ADV-2008-1882",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1882/references"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT2092"
        },
        {
          "name": "30992",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30992"
        },
        {
          "name": "APPLE-SA-2008-07-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
        },
        {
          "name": "VU#361043",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/361043"
        },
        {
          "name": "29836",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29836"
        },
        {
          "name": "ADV-2008-2094",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2094/references"
        },
        {
          "name": "APPLE-SA-2008-06-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html"
        },
        {
          "name": "1020330",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020330"
        },
        {
          "name": "31074",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31074"
        },
        {
          "name": "ADV-2008-1980",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1980"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2307",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.apple.com/kb/HT2163",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT2163"
            },
            {
              "name": "FEDORA-2008-6220",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00319.html"
            },
            {
              "name": "ADV-2008-1981",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1981/references"
            },
            {
              "name": "http://support.apple.com/kb/HT2165",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT2165"
            },
            {
              "name": "FEDORA-2008-6186",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00279.html"
            },
            {
              "name": "30775",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30775"
            },
            {
              "name": "APPLE-SA-2008-06-30",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00003.html"
            },
            {
              "name": "30801",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30801"
            },
            {
              "name": "ADV-2008-1882",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1882/references"
            },
            {
              "name": "http://support.apple.com/kb/HT2092",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT2092"
            },
            {
              "name": "30992",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30992"
            },
            {
              "name": "APPLE-SA-2008-07-11",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
            },
            {
              "name": "VU#361043",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/361043"
            },
            {
              "name": "29836",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29836"
            },
            {
              "name": "ADV-2008-2094",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2094/references"
            },
            {
              "name": "APPLE-SA-2008-06-19",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html"
            },
            {
              "name": "1020330",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020330"
            },
            {
              "name": "31074",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31074"
            },
            {
              "name": "ADV-2008-1980",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1980"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2307",
    "datePublished": "2008-06-23T20:00:00.000Z",
    "dateReserved": "2008-05-18T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:58:02.606Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-343

Vulnerability from certfr_avis - Published: 2008-07-02 - Updated: 2008-07-02

Plusieurs vulnérablités concernant le système d'exploitation Apple Mac OS X ont été corrigées.

Description

Plusieurs vulnérablités ont été corrigées :

Alias Manager : un alias spécifiquement créé permet l'exécution de code arbitraire ;
CoresTypes : des contenus incertains peuvent être ouverts automatiquement ;
c++filt : une chaine de caratères spécifiquement créée permet l'exécution de code arbitraire ;
Dock : une personne ayant physiquement accès à la machine peut contourner l'écran de verrouillage ;
Launch Services : du code malveillant peut être exécuté via un site Web malveillant ;
Net-SNMP : il est possible de contrefaire un paquet SNMPv3 ;
Ruby : une chaine de caractères ou un tableau spécifiquement créé permet l'exécution de code arbitraire ;
SMB File Server : une trame SMB spécialement réalisée permet l'exécution de code arbitraire ;
System Configuration : un utilisateur local peut exécuter du code arbitraire avec les droits de nouveaux utilisateurs ;
Tomcat : plusieurs vulnérabilités affectent le logiciel dont une permettant des attaques de type Cross Site Scripting ;
VPN : un attaquant peut réaliser un déni de service à distance à l'aide de paquets UDP spécifiquement créés ;
Webkit : du code malveillant peut être exécuté via un site Web malveillant.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple Mac OS X versions v10.5.3 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Mise à jour de sécurité Apple 2008-004 du 30 juin 2008	None	vendor-advisory
Bulletin de sécurité Apple 2008-004 du 30 juin 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eApple Mac OS X versions v10.5.3 et  ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rablit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es :\n\n-   Alias Manager : un alias sp\u00e9cifiquement cr\u00e9\u00e9 permet l\u0027ex\u00e9cution de\n    code arbitraire ;\n-   CoresTypes : des contenus incertains peuvent \u00eatre ouverts\n    automatiquement ;\n-   c++filt : une chaine de carat\u00e8res sp\u00e9cifiquement cr\u00e9\u00e9e permet\n    l\u0027ex\u00e9cution de code arbitraire ;\n-   Dock : une personne ayant physiquement acc\u00e8s \u00e0 la machine peut\n    contourner l\u0027\u00e9cran de verrouillage ;\n-   Launch Services : du code malveillant peut \u00eatre ex\u00e9cut\u00e9 via un site\n    Web malveillant ;\n-   Net-SNMP : il est possible de contrefaire un paquet SNMPv3 ;\n-   Ruby : une chaine de caract\u00e8res ou un tableau sp\u00e9cifiquement cr\u00e9\u00e9\n    permet l\u0027ex\u00e9cution de code arbitraire ;\n-   SMB File Server : une trame SMB sp\u00e9cialement r\u00e9alis\u00e9e permet\n    l\u0027ex\u00e9cution de code arbitraire ;\n-   System Configuration : un utilisateur local peut ex\u00e9cuter du code\n    arbitraire avec les droits de nouveaux utilisateurs ;\n-   Tomcat : plusieurs vuln\u00e9rabilit\u00e9s affectent le logiciel dont une\n    permettant des attaques de type Cross Site Scripting ;\n-   VPN : un attaquant peut r\u00e9aliser un d\u00e9ni de service \u00e0 distance \u00e0\n    l\u0027aide de paquets UDP sp\u00e9cifiquement cr\u00e9\u00e9s ;\n-   Webkit : du code malveillant peut \u00eatre ex\u00e9cut\u00e9 via un site Web\n    malveillant.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2663"
    },
    {
      "name": "CVE-2007-2450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2450"
    },
    {
      "name": "CVE-2008-2309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2309"
    },
    {
      "name": "CVE-2008-2725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2725"
    },
    {
      "name": "CVE-2008-2313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2313"
    },
    {
      "name": "CVE-2008-1145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1145"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2008-2311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2311"
    },
    {
      "name": "CVE-2007-3382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3382"
    },
    {
      "name": "CVE-2007-3383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3383"
    },
    {
      "name": "CVE-2008-1105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1105"
    },
    {
      "name": "CVE-2005-3164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3164"
    },
    {
      "name": "CVE-2008-0960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0960"
    },
    {
      "name": "CVE-2008-2664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2664"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2007-2449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2449"
    },
    {
      "name": "CVE-2007-1355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1355"
    },
    {
      "name": "CVE-2008-2726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2726"
    },
    {
      "name": "CVE-2008-2314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2314"
    },
    {
      "name": "CVE-2008-2662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2662"
    },
    {
      "name": "CVE-2008-2307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2307"
    },
    {
      "name": "CVE-2008-2308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2308"
    },
    {
      "name": "CVE-2007-6276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6276"
    },
    {
      "name": "CVE-2007-3385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
    },
    {
      "name": "CVE-2008-2310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2310"
    }
  ],
  "initial_release_date": "2008-07-02T00:00:00",
  "last_revision_date": "2008-07-02T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2008-004 du 30 juin 2008 :",
      "url": "http://support.apple.com/kb/HT2163"
    }
  ],
  "reference": "CERTA-2008-AVI-343",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-07-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rablit\u00e9s concernant le syst\u00e8me d\u0027exploitation Apple Mac\nOS X ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Apple 2008-004 du 30 juin 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-331

Vulnerability from certfr_avis - Published: 2008-06-20 - Updated: 2008-07-04

Des vulnérabilités ont été découvertes dans la navigateur Safari. Ces vulnérabilités permettent un contournement de la politique de sécurité et l'exécution de code arbitraire à distance sous Windows.

Description

Une vulnérabilité a été découverte dans la navigateur Safari d'Apple. Cette vulnérabilité permet via un site spécialement construit de forcer le téléchargement d'un fichier quelconque sur l'ordinateur de la victime. Ce fichier est téléchargé directement dans le répertoire de téléchargement défini dans les propriétés du navigateur (le Bureau par défaut).

Comme indiqué dans le bulletin d'actualité CERTA-2008-ACT-023, cette vulnérabilité peut également permettre l'exécution de code arbitraire sous Microsoft Windows. En effet, une « fonctionnalité » de Internet Explorer est de charger sous certaines conditions des bibliothèques de fonctions (DLL) depuis le bureau. Le téléchargement d'un tel fichier sous Safari suivi de l'exécution de Internet Explorer permet ainsi à une personne malveillante d'exécuter du code arbitraire à distance.

De plus, une autre vulnérabilité a été découverte dans la manière de traiter les fichiers BMP et GIF par Safari sous Microsoft Windows. Cette vulnérabilité peut être utilisée afin de lire certaines zones de la mémoire.

Une dernière vulnérabilité sur Windows et MacOS concerne un problème de corruption de mémoire dans le traitement de tableaux en Javascript par Webkit. Une personne malintentionnée pourrait exploiter cette faille pour exécuter du code arbitraire à distance.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	Safari	Safari version 3.1.1. pour MacOS et versions antérieures.
	Apple	Safari	Safari version 3.1.1 pour Windows et versions antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT2092 du 19 juin 2008	None	vendor-advisory
Document du CERTA CERTA-2008-ALE-008 du 20 juin 2008 :	-	other
Bulletin de sécurité Apple HT2165 du 30 juin 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari version 3.1.1. pour MacOS et versions ant\u00e9rieures.",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari version 3.1.1 pour Windows et versions ant\u00e9rieures ;",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans la navigateur Safari d\u0027Apple.\nCette vuln\u00e9rabilit\u00e9 permet via un site sp\u00e9cialement construit de forcer\nle t\u00e9l\u00e9chargement d\u0027un fichier quelconque sur l\u0027ordinateur de la\nvictime. Ce fichier est t\u00e9l\u00e9charg\u00e9 directement dans le r\u00e9pertoire de\nt\u00e9l\u00e9chargement d\u00e9fini dans les propri\u00e9t\u00e9s du navigateur (le Bureau par\nd\u00e9faut).\n\nComme indiqu\u00e9 dans le bulletin d\u0027actualit\u00e9 CERTA-2008-ACT-023, cette\nvuln\u00e9rabilit\u00e9 peut \u00e9galement permettre l\u0027ex\u00e9cution de code arbitraire\nsous Microsoft Windows. En effet, une \u00ab fonctionnalit\u00e9 \u00bb de Internet\nExplorer est de charger sous certaines conditions des biblioth\u00e8ques de\nfonctions (DLL) depuis le bureau. Le t\u00e9l\u00e9chargement d\u0027un tel fichier\nsous Safari suivi de l\u0027ex\u00e9cution de Internet Explorer permet ainsi \u00e0 une\npersonne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\nDe plus, une autre vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans la mani\u00e8re de\ntraiter les fichiers BMP et GIF par Safari sous Microsoft Windows. Cette\nvuln\u00e9rabilit\u00e9 peut \u00eatre utilis\u00e9e afin de lire certaines zones de la\nm\u00e9moire.\n\nUne derni\u00e8re vuln\u00e9rabilit\u00e9 sur Windows et MacOS concerne un probl\u00e8me de\ncorruption de m\u00e9moire dans le traitement de tableaux en Javascript par\nWebkit. Une personne malintentionn\u00e9e pourrait exploiter cette faille\npour ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1573"
    },
    {
      "name": "CVE-2008-2306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2306"
    },
    {
      "name": "CVE-2008-2307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2307"
    }
  ],
  "initial_release_date": "2008-06-20T00:00:00",
  "last_revision_date": "2008-07-04T00:00:00",
  "links": [
    {
      "title": "Document du CERTA CERTA-2008-ALE-008 du 20 juin 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-008/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT2165 du 30 juin 2008 :",
      "url": "http://support.apple.com/kb/HT2165"
    }
  ],
  "reference": "CERTA-2008-AVI-331",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-06-20T00:00:00.000000"
    },
    {
      "description": "ajout d\u0027une r\u00e9f\u00e9rence au bulletin d\u0027Apple sur MacOS et mise \u00e0 jour de la description.",
      "revision_date": "2008-07-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans la navigateur Safari. Ces\nvuln\u00e9rabilit\u00e9s permettent un contournement de la politique de s\u00e9curit\u00e9\net l\u0027ex\u00e9cution de code arbitraire \u00e0 distance sous Windows.\n",
  "title": "Vuln\u00e9rabilit\u00e9 du navigateur Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT2092 du 19 juin 2008",
      "url": "http://support.apple.com/kb/HT2092"
    }
  ]
}

GSD-2008-2307

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-2307

Aliases

CVE-2008-2307

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-2307",
    "description": "Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.",
    "id": "GSD-2008-2307"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-2307"
      ],
      "details": "Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.",
      "id": "GSD-2008-2307",
      "modified": "2023-12-13T01:23:00.767235Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-2307",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://support.apple.com/kb/HT2163",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT2163"
          },
          {
            "name": "FEDORA-2008-6220",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00319.html"
          },
          {
            "name": "ADV-2008-1981",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1981/references"
          },
          {
            "name": "http://support.apple.com/kb/HT2165",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT2165"
          },
          {
            "name": "FEDORA-2008-6186",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00279.html"
          },
          {
            "name": "30775",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30775"
          },
          {
            "name": "APPLE-SA-2008-06-30",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00003.html"
          },
          {
            "name": "30801",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30801"
          },
          {
            "name": "ADV-2008-1882",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1882/references"
          },
          {
            "name": "http://support.apple.com/kb/HT2092",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT2092"
          },
          {
            "name": "30992",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30992"
          },
          {
            "name": "APPLE-SA-2008-07-11",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
          },
          {
            "name": "VU#361043",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/361043"
          },
          {
            "name": "29836",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/29836"
          },
          {
            "name": "ADV-2008-2094",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2094/references"
          },
          {
            "name": "APPLE-SA-2008-06-19",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html"
          },
          {
            "name": "1020330",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1020330"
          },
          {
            "name": "31074",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31074"
          },
          {
            "name": "ADV-2008-1980",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1980"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.5.3",
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:macbook:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:macbook_pro:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:mac_mini:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.2:2008-002:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2307"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                },
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2008-06-19",
              "refsource": "APPLE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html"
            },
            {
              "name": "29836",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/29836"
            },
            {
              "name": "FEDORA-2008-6220",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00319.html"
            },
            {
              "name": "FEDORA-2008-6186",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00279.html"
            },
            {
              "name": "APPLE-SA-2008-07-11",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
            },
            {
              "name": "30801",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30801"
            },
            {
              "name": "http://support.apple.com/kb/HT2165",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT2165"
            },
            {
              "name": "http://support.apple.com/kb/HT2163",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT2163"
            },
            {
              "name": "APPLE-SA-2008-06-30",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00003.html"
            },
            {
              "name": "VU#361043",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/361043"
            },
            {
              "name": "30775",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30775"
            },
            {
              "name": "31074",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31074"
            },
            {
              "name": "http://support.apple.com/kb/HT2092",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT2092"
            },
            {
              "name": "30992",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30992"
            },
            {
              "name": "1020330",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1020330"
            },
            {
              "name": "ADV-2008-1882",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1882/references"
            },
            {
              "name": "ADV-2008-1981",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1981/references"
            },
            {
              "name": "ADV-2008-1980",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1980"
            },
            {
              "name": "ADV-2008-2094",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2094/references"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2011-03-15T04:00Z",
      "publishedDate": "2008-06-23T20:41Z"
    }
  }
}

GHSA-2WHF-MX89-7886

Vulnerability from github – Published: 2022-05-01 23:48 – Updated: 2022-05-01 23:48

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-2307"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-06-23T20:41:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.",
  "id": "GHSA-2whf-mx89-7886",
  "modified": "2022-05-01T23:48:46Z",
  "published": "2022-05-01T23:48:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2307"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00279.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00319.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30775"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30801"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30992"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31074"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT2092"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT2165"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/361043"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29836"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020330"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1882/references"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1980"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1981/references"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2094/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2008-2307

Vulnerability from fkie_nvd - Published: 2008-06-23 20:41 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html	Vendor Advisory
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html	Patch, Vendor Advisory
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008//Jun/msg00003.html
cve@mitre.org	http://secunia.com/advisories/30775	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30801	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30992	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/31074	Vendor Advisory
cve@mitre.org	http://support.apple.com/kb/HT2092
cve@mitre.org	http://support.apple.com/kb/HT2163	Vendor Advisory
cve@mitre.org	http://support.apple.com/kb/HT2165	Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/361043	US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/29836	Patch
cve@mitre.org	http://www.securitytracker.com/id?1020330
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1882/references	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1980	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1981/references	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2094/references	Vendor Advisory
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00279.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00319.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//Jun/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30775	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30801	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30992	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31074	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT2092
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT2163	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT2165	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/361043	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29836	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020330
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1882/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1980	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1981/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2094/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00279.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00319.html

Impacted products

Vendor	Product	Version
apple	mac_os_x	*
apple	mac_os_x	10.0
apple	mac_os_x	10.0.1
apple	mac_os_x	10.0.2
apple	mac_os_x	10.0.3
apple	mac_os_x	10.0.4
apple	mac_os_x	10.1
apple	mac_os_x	10.1.1
apple	mac_os_x	10.1.2
apple	mac_os_x	10.1.3
apple	mac_os_x	10.1.4
apple	mac_os_x	10.1.5
apple	mac_os_x	10.2
apple	mac_os_x	10.2.1
apple	mac_os_x	10.2.2
apple	mac_os_x	10.2.3
apple	mac_os_x	10.2.4
apple	mac_os_x	10.2.5
apple	mac_os_x	10.2.6
apple	mac_os_x	10.2.7
apple	mac_os_x	10.2.8
apple	mac_os_x	10.3
apple	mac_os_x	10.3.1
apple	mac_os_x	10.3.2
apple	mac_os_x	10.3.3
apple	mac_os_x	10.3.4
apple	mac_os_x	10.3.5
apple	mac_os_x	10.3.6
apple	mac_os_x	10.3.7
apple	mac_os_x	10.3.8
apple	mac_os_x	10.3.9
apple	mac_os_x	10.4
apple	mac_os_x	10.4.1
apple	mac_os_x	10.4.2
apple	mac_os_x	10.4.3
apple	mac_os_x	10.4.4
apple	mac_os_x	10.4.5
apple	mac_os_x	10.4.6
apple	mac_os_x	10.4.7
apple	mac_os_x	10.4.8
apple	mac_os_x	10.4.8
apple	mac_os_x	10.4.8
apple	mac_os_x	10.4.8
apple	mac_os_x	10.4.9
apple	mac_os_x	10.4.10
apple	mac_os_x	10.4.11
apple	mac_os_x	10.5
apple	mac_os_x	10.5.1
apple	mac_os_x	10.5.2
apple	mac_os_x	10.5.2
microsoft	windows	*
microsoft	windows_vista	*
microsoft	windows_xp	*
apple	safari	*
apple	safari	3.0
apple	safari	3.0.1
apple	safari	3.0.2
apple	safari	3.0.3
apple	safari	3.0.4
apple	safari	3.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "44248469-2B47-43FC-9B9F-8DBDD6BC9F3C",
              "versionEndIncluding": "10.5.3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C273D1-ADFE-4B4C-B543-7B9CA741A117",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BC31B69-3DE1-4CF3-ADC9-CA0BF1714CBF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77CC671C-6D89-4279-86F7-DDE1D4D9A0CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E4B77F6-E71C-45ED-96CC-7872AD2FCBF8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "066ABC3B-B395-42D2-95C0-5B810F91A6F0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01BC19FC-6E03-4000-AE4B-232E47FA76F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "421FC2DD-0CF7-44A2-A63C-5221689E2363",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F8B70BC-42B7-453A-B506-7BE69D49A4B5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAAC6EA5-DCB2-4A50-A8BC-25CC43FAEF9B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA32F7D8-02F8-4CFE-B193-2888807BC4D6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9DCDE70-07DA-4F0B-805F-6BA03D410CD6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDCF4FB3-F781-46D5-BEE7-485B3DC78B83",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE52A344-8B07-480D-A57F-B1F6E6574F3B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "56CC0444-570C-4BB5-B53A-C5CA0BD87935",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62E3EED7-FE30-4620-B40B-9CC49B77408A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AFD8BC6-4893-4D9D-A26E-27AAC864F94B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD1F9A1-5ADB-451D-9525-D545E42D2B8F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7A24978-2891-425C-ACF6-E8F5C839C54A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B20E130-6078-4336-B614-273C27142B46",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB461678-560D-436E-A3AE-9E1E16DB0412",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFDADE04-29F0-446B-824B-0518880CF0A0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED9BE602-A740-4CF7-9CAF-59061B16AB31",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E698C1-C313-40E6-BAF9-7C8F9CF02484",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D00AC-FA2A-4C39-B796-DC19072862CF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "421079DA-B605-4E05-9454-C30CF7631CF4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "93B734BA-3435-40A9-B22B-5D56CEB865A7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4B57B3E-B1B2-4F13-99D3-4F9DB3C07B5E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "30897327-44DD-4D6C-B8B6-2D66C44EA55D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B79D8F73-2E78-4A67-96BB-21AD9BCB0094",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0760FDDB-38D3-4263-9B4D-1AF5E613A4F9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFD4DE58-46C7-4E69-BF36-C5FD768B8248",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF824694-52DE-44E3-ACAD-60B2A84CD3CE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B73A0891-A37A-4E0D-AA73-B18BFD6B1447",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26AC38AB-D689-4B2B-9DAE-F03F4DFD15BE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C580935-0091-4163-B747-750FB7686973",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB0F2132-8431-4CEF-9A3D-A69425E3834E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8719F3C4-F1DE-49B5-9301-22414A2B6F9C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "09ED46A8-1739-411C-8807-2A416BDB6DFE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:mac_mini:*:*:*:*:*",
              "matchCriteriaId": "ED946D47-0E49-4A56-A509-72D936167D2D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:macbook:*:*:*:*:*",
              "matchCriteriaId": "6E9BAD0F-7B96-4842-9C23-1B53B4CFE2D6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:macbook_pro:*:*:*:*:*",
              "matchCriteriaId": "666E67AD-6097-4D69-810D-2D4403A6B31D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "786BB737-EA99-4EC6-B742-0C35BF2453F9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D089858-3AF9-4B82-912D-AA33F25E3715",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EE39585-CF3B-4493-96D8-B394544C7643",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2442D35-7484-43D8-9077-3FDF63104816",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F3E721C-00CA-4D51-B542-F2BC5C0D65BF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3267A41-1AE0-48B8-BD1F-DEC8A212851A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.2:2008-002:*:*:*:*:*:*",
              "matchCriteriaId": "0DA315DB-10DF-4D18-A575-37A70F9AFD3F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E618E967-379B-46AA-973E-EBBBBA44FDC7",
              "versionEndIncluding": "3.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A33F900-D405-40A8-A0A5-3C80320FF6E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEB23DE-1A9D-480E-8B8B-9F110A8ABDE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84E78F43-07BD-4D62-9512-DA738A92BC7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3180366-2240-467E-8AB9-BEA0430948F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AB9CC52-E533-4306-9E92-73C84B264D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "912A26D1-3264-464F-B101-1796B35437E2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en WebKit en Apple Safari anterior a la versi\u00f3n 3.1.2, distribuida en Mac OS X anterior a la versi\u00f3n 10.5.4, e independiente para Windows y Mac OS X versi\u00f3n 10.4, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) o ejecutar c\u00f3digo arbitrario por medio de vectores que involucra a la matriz JavaScript que desencadena una corrupci\u00f3n de memoria."
    }
  ],
  "id": "CVE-2008-2307",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-06-23T20:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30775"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30801"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30992"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31074"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT2092"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT2165"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/361043"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/29836"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020330"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1882/references"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1980"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1981/references"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2094/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00279.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00319.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30801"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT2092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT2165"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/361043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/29836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1882/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1980"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1981/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2094/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00279.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00319.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-2307 (GCVE-0-2008-2307)

CERTA-2008-AVI-343

Description

Solution

CERTA-2008-AVI-331

Description

Solution

GSD-2008-2307

GHSA-2WHF-MX89-7886

FKIE_CVE-2008-2307

Tags

Sightings

Nomenclature