CVE-2008-4211

Published: Oct 10, 2008Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."

Affected (23)

Products: Apple: Mac Os X, Mac Os X Server, Iphone Os

3 products

Mac Os X Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Version 10.5.5
Apple Mac Os X Server	Version 10.5.5

Configuration B

11 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Version 1.0.0
Apple Iphone Os	Version 1.0.1
Apple Iphone Os	Version 1.0.2
Apple Iphone Os	Version 1.1.0
Apple Iphone Os	Version 1.1.1
Apple Iphone Os	Version 1.1.2
Apple Iphone Os	Version 1.1.3
Apple Iphone Os	Version 1.1.4
Apple Iphone Os	Version 1.1.5
Apple Iphone Os	Version 2.0.0
Apple Iphone Os	Version 2.0.1

Configuration C

10 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Version 1.1.0
Apple Iphone Os	Version 1.1.1
Apple Iphone Os	Version 1.1.2
Apple Iphone Os	Version 1.1.3
Apple Iphone Os	Version 1.1.4
Apple Iphone Os	Version 1.1.5
Apple Iphone Os	Version 2.0.0
Apple Iphone Os	Version 2.0.1
Apple Iphone Os	Version 2.0.2
Apple Iphone Os	Version 2.1

Related CWEs

References (24)

http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/32222

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/32756

Source: cve@mitre.org

Vendor Advisory

http://support.apple.com/kb/HT3216

Source: cve@mitre.org

http://support.apple.com/kb/HT3318

Source: cve@mitre.org

http://www.securityfocus.com/bid/31681

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/31707

Source: cve@mitre.org

http://www.securitytracker.com/id?1021027

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/2780

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2008/3232

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/45784

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/32222

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/32756

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.apple.com/kb/HT3216

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT3318

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/31681

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/bid/31707

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1021027

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/2780

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2008/3232

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/45784

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.