Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-1035

CWE-94Code Injection4 documents4 sources
Severity
4.3MEDIUM
EPSS
20.9%
top 4.37%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apple Ical
Timeline
PublishedJun 3
Latest updateMay 1

Description

Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug. NOTE: CVE-2008-2007 was originally used for this issue, but this is the appropriate identifier.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDapple/ical3.0.1

🔴Vulnerability Details

2
GHSA
GHSA-jvpq-g65q-2gfj: Use-after-free vulnerability in Apple iCal 32022-05-01
CVEList
CVE-2008-1035: Use-after-free vulnerability in Apple iCal 32008-06-03

💥Exploits & PoCs

1
Exploit-DB
Apple iCal 3.0.1 - 'ATTACH' Denial of Service2008-04-21
CVE-2008-1035 (MEDIUM CVSS 4.3) | Use-after-free vulnerability in App | cvebase.io