1. CVE-Search
  2. CVE-2008-2303
ID CVE-2008-2303
Summary Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307.
References
Vulnerable Configurations
  • cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*
    cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:h:apple:iphone:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:h:apple:iphone:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:1.02:*:*:*:*:*:*:*
    cpe:2.3:h:apple:iphone:1.02:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
    cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 09-08-2022 - 13:46)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
apple
  • APPLE-SA-2008-07-11
  • APPLE-SA-2008-11-13
bid 30186
confirm http://support.apple.com/kb/HT3298
secunia
  • 31074
  • 32706
vupen ADV-2008-2094
xf ipod-iphone-javascript-code-execution(43736)
Last major update 09-08-2022 - 13:46
Published 14-07-2008 - 18:41
Last modified 09-08-2022 - 13:46
Back to Top