Vulnerability-Lookup

CVE-2008-1572 (GCVE-0-2008-1572)

Vulnerability from cvelistv5 – Published: 2008-06-02 14:00 – Updated: 2024-08-07 08:24

Summary

Severity

No CVSS data available.

CWE

Assigner

mitre

References

8 references

URL	Tags
http://securitytracker.com/id?1020141	vdb-entryx_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.us-cert.gov/cas/techalerts/TA08-150A.html	third-party-advisoryx_refsource_CERT
http://secunia.com/advisories/30430	third-party-advisoryx_refsource_SECUNIA
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://www.vupen.com/english/advisories/2008/1697	vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/29521	vdb-entryx_refsource_BID
http://www.securityfocus.com/bid/29412	vdb-entryx_refsource_BID

Date Public

2008-05-28 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:42.908Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1020141",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020141"
          },
          {
            "name": "macosx-imagecapture-symlink(42719)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42719"
          },
          {
            "name": "TA08-150A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
          },
          {
            "name": "30430",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30430"
          },
          {
            "name": "APPLE-SA-2008-05-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
          },
          {
            "name": "ADV-2008-1697",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1697"
          },
          {
            "name": "29521",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29521"
          },
          {
            "name": "29412",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29412"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1020141",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020141"
        },
        {
          "name": "macosx-imagecapture-symlink(42719)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42719"
        },
        {
          "name": "TA08-150A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
        },
        {
          "name": "30430",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30430"
        },
        {
          "name": "APPLE-SA-2008-05-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
        },
        {
          "name": "ADV-2008-1697",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1697"
        },
        {
          "name": "29521",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29521"
        },
        {
          "name": "29412",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29412"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1572",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1020141",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020141"
            },
            {
              "name": "macosx-imagecapture-symlink(42719)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42719"
            },
            {
              "name": "TA08-150A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
            },
            {
              "name": "30430",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30430"
            },
            {
              "name": "APPLE-SA-2008-05-28",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
            },
            {
              "name": "ADV-2008-1697",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1697"
            },
            {
              "name": "29521",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29521"
            },
            {
              "name": "29412",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29412"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1572",
    "datePublished": "2008-06-02T14:00:00.000Z",
    "dateReserved": "2008-03-31T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:24:42.908Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2008-1572",
      "date": "2026-06-04",
      "epss": "0.00064",
      "percentile": "0.20215"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-1572\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-06-02T21:30:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.\"},{\"lang\":\"es\",\"value\":\"Image Capture en Apple Mac OS X versiones anteriores a 10.5, no utiliza apropiadamente los archivos temporales, lo que permite a los usuarios locales sobrescribir archivos arbitrarios y desplegar im\u00e1genes que est\u00e1n siendo redimensionadas por \u00e9sta aplicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EE39585-CF3B-4493-96D8-B394544C7643\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D09D5933-A7D9-4A61-B863-CD8E7D5E67D8\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2008//May/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30430\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1020141\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/29412\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/29521\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-150A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1697\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42719\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008//May/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30430\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1020141\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/29412\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/29521\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-150A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1697\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42719\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2008-AVI-278

Vulnerability from certfr_avis - Published: 2008-05-29 - Updated: 2008-05-29

Plusieurs vulnérabilités concernant le système d'exploitation Apple Mac OS X ont été identifiées. L'exploitation de ces dernières peut avoir plusieurs conséquences, dont des exécutions de codes arbitraires à distance.

Description

Plusieurs vulnérabilités concernant le système d'exploitation Apple Mac OS X ont été identifiées :

le serveur AFP (Apple Filing Protocol) ne vérifie pas correctement la cohérence d'accès entre répertoires et fichiers.
le serveur Apache est mis à jour en 2.0.63 pour les versions Mac OS X Server v10.4.x ; nouvelle version qui corrige des vulnérabilités permettant des attaques par injection de code indirecte ;
l'impression d'un document PDF spécialement construit par ATS peut provoquer l'exécution de code arbitraire ;
l'impression de documents via CUPS à destination d'une imprimante peut permettre sous certaines conditions de récupérer des informations sensibles, y compris si une protection par mot de passe est déployée ;
des vulnérabilités dans le module Flash Player sont corrigées (cf. CERTA-2008-AVI-197) ;
les vulnérabilités détaillées dans l'alerte CERTA-2008-ALE-007 concernant iCal sont corrigées ;
etc.

Solution

Se référer au bulletin de sécurité Apple pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple Mac 0S X versions v10.4.x.
	Apple	N/A	Apple Mac OS X version v10.5.x ;

References

Title

Publication Time

FKIE_CVE-2008-1572

Vulnerability from fkie_nvd - Published: 2008-06-02 21:30 - Updated: 2026-04-23 00:35

Severity

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
cve@mitre.org	http://secunia.com/advisories/30430	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1020141
cve@mitre.org	http://www.securityfocus.com/bid/29412
cve@mitre.org	http://www.securityfocus.com/bid/29521
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA08-150A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1697	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/42719
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30430	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1020141
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29412
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29521
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-150A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1697	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/42719

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	10.4.11
	apple	mac_os_x_server	10.4.11

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EE39585-CF3B-4493-96D8-B394544C7643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D09D5933-A7D9-4A61-B863-CD8E7D5E67D8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application."
    },
    {
      "lang": "es",
      "value": "Image Capture en Apple Mac OS X versiones anteriores a 10.5, no utiliza apropiadamente los archivos temporales, lo que permite a los usuarios locales sobrescribir archivos arbitrarios y desplegar im\u00e1genes que est\u00e1n siendo redimensionadas por \u00e9sta aplicaci\u00f3n."
    }
  ],
  "id": "CVE-2008-1572",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-06-02T21:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30430"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1020141"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/29412"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/29521"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1697"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1020141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42719"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-HC66-4G9P-6242

Vulnerability from github – Published: 2022-05-01 23:41 – Updated: 2022-05-01 23:41

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-1572"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-06-02T21:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.",
  "id": "GHSA-hc66-4g9p-6242",
  "modified": "2022-05-01T23:41:25Z",
  "published": "2022-05-01T23:41:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1572"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42719"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30430"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1020141"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29412"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29521"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1697"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-1572

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-1572

Aliases

CVE-2008-1572

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-1572",
    "description": "Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.",
    "id": "GSD-2008-1572"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-1572"
      ],
      "details": "Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.",
      "id": "GSD-2008-1572",
      "modified": "2023-12-13T01:23:02.816483Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-1572",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1020141",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1020141"
          },
          {
            "name": "macosx-imagecapture-symlink(42719)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42719"
          },
          {
            "name": "TA08-150A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
          },
          {
            "name": "30430",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30430"
          },
          {
            "name": "APPLE-SA-2008-05-28",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
          },
          {
            "name": "ADV-2008-1697",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1697"
          },
          {
            "name": "29521",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/29521"
          },
          {
            "name": "29412",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/29412"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1572"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2008-05-28",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
            },
            {
              "name": "TA08-150A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
            },
            {
              "name": "29412",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/29412"
            },
            {
              "name": "1020141",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1020141"
            },
            {
              "name": "30430",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30430"
            },
            {
              "name": "29521",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/29521"
            },
            {
              "name": "ADV-2008-1697",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1697"
            },
            {
              "name": "macosx-imagecapture-symlink(42719)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42719"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-08T01:30Z",
      "publishedDate": "2008-06-02T21:30Z"
    }
  }
}

VAR-200805-0579

Vulnerability from variot - Updated: 2025-04-10 21:40

Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application. A local attacker can exploit this issue to overwrite files with the privileges of another user running the affected application. This issue affects Mac OS X 10.4.11 and Mac OS X Server 10.4.11. NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability. The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.

I. Further details are available in the US-CERT Vulnerability Notes Database.

II.

III. These and other updates are available via Software Update or via Apple Downloads.

IV. Please send email to cert@cert.org with "TA08-150A Feedback VU#566875" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2008 by US-CERT, a government organization.

<http://www.us-cert.gov/legal.html>

Revision History

May 29 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx 403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ== =QvSr -----END PGP SIGNATURE----- . ----------------------------------------------------------------------

Secunia Network Software Inspector 2.0 (NSI) - Public Beta

The Public Beta has ended. Thanks to all that participated.

1) An error in AFP server allows connected users or guests to access files and directories that are not within a shared directory.

2) Some vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks or to cause a DoS (Denial of Service).

3) An unspecified error in AppKit can potentially be exploited to execute arbitrary code when a user opens a specially crafted document file with an editor that uses AppKit (e.g. TextEdit).

4) Multiple unspecified errors exist in the processing of Pixlet video files. These can be exploited to cause memory corruption and potentially allow for execution of arbitrary code when a user opens a specially crafted movie file.

5) An unspecified error exists in Apple Type Services when processing embedded fonts in PDF files. This can be exploited to cause a memory corruption when a PDF file containing a specially crafted embedded font is printed.

Successful exploitation may allow execution of arbitrary code.

6) An error in Safari's SSL client certificate handling can lead to an information disclosure of the first client certificate found in the keychain when a web server issues a client certificate request.

7) An integer overflow exists in CoreFoundation when handling CFData objects. This can be exploited to cause a heap-based buffer overflow if an application calls "CFDataReplaceBytes" with an invalid "length" argument.

8) An error due to an uninitialised variable in CoreGraphics can potentially be exploited to execute arbitrary code when a specially crafted PDF is opened.

9) A weakness is caused due to users not being warned before opening certain potentially unsafe content types.

10) An error when printing to password-protected printers with debug logging enabled may lead to the disclosure of sensitive information.

11) Some vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system.

For more information: SA28083

12) An integer underflow error in Help Viewer when handling help:topic URLs can be exploited to cause a buffer overflow when a specially crafted help:topic URL is accessed.

Successful exploitation may allow execution of arbitrary code.

13) A conversion error exists in ICU when handling certain character encodings. This can potentially be exploited bypass content filters and may lead to cross-site scripting and disclosure of sensitive information.

14) Input passed to unspecified parameters in Image Capture's embedded web server is not properly sanitised before being used. This can be exploited to disclose the content of local files via directory traversal attacks.

16) A boundary error in the BMP and GIF image decoding engine in ImageIO can be exploited to disclose content in memory.

17) Some vulnerabilities in ImageIO can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerabilities are caused due to the use of vulnerable libpng code.

For more information: SA27093 SA27130

18) An integer overflow error in ImageIO within the processing of JPEG2000 images can be exploited to cause a heap-based buffer overflow when a specially crafted JPEG2000 image is viewed.

Successful exploitation of this vulnerability may allow execution of arbitrary code.

19) An error in Mail is caused due to an uninitialised variable and can lead to disclosure of sensitive information and potentially execution of arbitrary code when mail is sent through an SMTP server over IPv6.

20) A vulnerability in Mongrel can be exploited by malicious people to disclose sensitive information.

For more information: SA28323

21) The sso_util command-line tool requires that passwords be passed to it in its arguments, which can be exploited by malicious, local users to disclose the passwords.

22) An error in Wiki Server can be exploited to determine valid local user names when nonexistent blogs are accessed.

ORIGINAL ADVISORY: http://support.apple.com/kb/HT1897

OTHER REFERENCES: SA18008: http://secunia.com/advisories/18008/

SA18307: http://secunia.com/advisories/18307/

SA26273: http://secunia.com/advisories/26273/

SA26636: http://secunia.com/advisories/26636/

SA27093: http://secunia.com/advisories/27093/

SA27130: http://secunia.com/advisories/27130/

SA28081: http://secunia.com/advisories/28081/

SA28083: http://secunia.com/advisories/28083/

SA28323: http://secunia.com/advisories/28323/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200805-0579",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.11"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.11"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.3"
      },
      {
        "model": "mac os x server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "29521"
      },
      {
        "db": "BID",
        "id": "29412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001400"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-010"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1572"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001400"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Melissa O\u0027NeillPaul HaddadRodrigo CarvalhoGynvael Coldwind",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-010"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-1572",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2008-1572",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-31697",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-1572",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-1572",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200806-010",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-31697",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31697"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001400"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-010"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1572"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application. \nA local attacker can exploit this issue to overwrite files with the privileges of another user running the affected application. \nThis issue affects Mac OS X 10.4.11 and Mac OS X Server 10.4.11. \nNOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability. \nThe security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. \n\nI. Further\n   details are available in the US-CERT Vulnerability Notes Database. \n\nII. \n\nIII.  These  and other updates are available via Software Update or\n   via Apple Downloads. \n\nIV. Please send\n  email to \u003ccert@cert.org\u003e with \"TA08-150A Feedback VU#566875\" in the\n  subject. \n _________________________________________________________________\n\n  For instructions on subscribing to or unsubscribing from this\n  mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n _________________________________________________________________\n\n  Produced 2008 by US-CERT, a government organization. \n\n  Terms of use:\n\n    \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n   Revision History\n\n   May 29 2008: Initial release\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo\nYvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx\n403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN\nRjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom\nvmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI\nDcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==\n=QvSr\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia Network Software Inspector 2.0 (NSI) - Public Beta\n\nThe Public Beta has ended. Thanks to all that participated. \n\n1) An error in AFP server allows connected users or guests to access\nfiles and directories that are not within a shared directory. \n\n2) Some vulnerabilities in Apache can be exploited by malicious\npeople to conduct cross-site scripting attacks or to cause a DoS\n(Denial of Service). \n\n3) An unspecified error in AppKit can potentially be exploited to\nexecute arbitrary code when a user opens a specially crafted document\nfile with an editor that uses AppKit (e.g. TextEdit). \n\n4) Multiple unspecified errors exist in the processing of Pixlet\nvideo files. These can be exploited to cause memory corruption and\npotentially allow for execution of arbitrary code when a user opens a\nspecially crafted movie file. \n\n5) An unspecified error exists in Apple Type Services when processing\nembedded fonts in PDF files. This can be exploited to cause a memory\ncorruption when a PDF file containing a specially crafted embedded\nfont is printed. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n6) An error in Safari\u0027s SSL client certificate handling can lead to\nan information disclosure of the first client certificate found in\nthe keychain when a web server issues a client certificate request. \n\n7) An integer overflow exists in CoreFoundation when handling CFData\nobjects. This can be exploited to cause a heap-based buffer overflow\nif an application calls \"CFDataReplaceBytes\" with an invalid \"length\"\nargument. \n\n8) An error due to an uninitialised variable in CoreGraphics can\npotentially be exploited to execute arbitrary code when a specially\ncrafted PDF is opened. \n\n9) A weakness is caused due to users not being warned before opening\ncertain potentially unsafe content types. \n\n10) An error when printing to password-protected printers with debug\nlogging enabled may lead to the disclosure of sensitive information. \n\n11) Some vulnerabilities in Adobe Flash Player can be exploited by\nmalicious people to bypass certain security restrictions, conduct\ncross-site scripting attacks, or to potentially compromise a user\u0027s\nsystem. \n\nFor more information:\nSA28083\n\n12) An integer underflow error in Help Viewer when handling\nhelp:topic URLs can be exploited to cause a buffer overflow when a \nspecially crafted help:topic URL is accessed. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n13) A conversion error exists in ICU when handling certain character\nencodings. This can potentially be exploited bypass content filters\nand may lead to cross-site scripting and disclosure of sensitive\ninformation. \n\n14) Input passed to unspecified parameters in Image Capture\u0027s\nembedded web server is not properly sanitised before being used. This\ncan be exploited to disclose the content of local files via directory\ntraversal attacks. \n\n16) A boundary error in the BMP and GIF image decoding engine in\nImageIO can be exploited to disclose content in memory. \n\n17) Some vulnerabilities in ImageIO can be exploited by malicious\npeople to cause a DoS (Denial of Service). \n\nThe vulnerabilities are caused due to the use of vulnerable libpng\ncode. \n\nFor more information:\nSA27093\nSA27130\n\n18) An integer overflow error in ImageIO within the processing of\nJPEG2000 images can be exploited to cause a heap-based buffer\noverflow when a specially crafted JPEG2000 image is viewed. \n\nSuccessful exploitation of this vulnerability may allow execution of\narbitrary code. \n\n19) An error in Mail is caused due to an uninitialised variable and\ncan lead to disclosure of sensitive information and potentially\nexecution of arbitrary code when mail is sent through an SMTP server\nover IPv6. \n\n20) A vulnerability in Mongrel can be exploited by malicious people\nto disclose sensitive information. \n\nFor more information:\nSA28323\n\n21) The sso_util command-line tool requires that passwords be passed\nto it in its arguments, which can be exploited by malicious, local\nusers to disclose the passwords. \n\n22) An error in Wiki Server can be exploited to determine valid local\nuser names when nonexistent blogs are accessed. \n\nORIGINAL ADVISORY:\nhttp://support.apple.com/kb/HT1897\n\nOTHER REFERENCES:\nSA18008:\nhttp://secunia.com/advisories/18008/\n\nSA18307:\nhttp://secunia.com/advisories/18307/\n\nSA26273:\nhttp://secunia.com/advisories/26273/\n\nSA26636:\nhttp://secunia.com/advisories/26636/\n\nSA27093:\nhttp://secunia.com/advisories/27093/\n\nSA27130:\nhttp://secunia.com/advisories/27130/\n\nSA28081:\nhttp://secunia.com/advisories/28081/\n\nSA28083:\nhttp://secunia.com/advisories/28083/\n\nSA28323:\nhttp://secunia.com/advisories/28323/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-1572"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001400"
      },
      {
        "db": "BID",
        "id": "29521"
      },
      {
        "db": "BID",
        "id": "29412"
      },
      {
        "db": "VULHUB",
        "id": "VHN-31697"
      },
      {
        "db": "PACKETSTORM",
        "id": "66818"
      },
      {
        "db": "PACKETSTORM",
        "id": "66804"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "29521",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "29412",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1572",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA08-150A",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "30430",
        "trust": 2.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-1697",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1020141",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "42719",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1020144",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001400",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-010",
        "trust": 0.7
      },
      {
        "db": "CERT/CC",
        "id": "TA08-150A",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2008-05-28",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-31697",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "66818",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "66804",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31697"
      },
      {
        "db": "BID",
        "id": "29521"
      },
      {
        "db": "BID",
        "id": "29412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001400"
      },
      {
        "db": "PACKETSTORM",
        "id": "66818"
      },
      {
        "db": "PACKETSTORM",
        "id": "66804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-010"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1572"
      }
    ]
  },
  "id": "VAR-200805-0579",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31697"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-10T21:40:17.561000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Mac OS X 10.5.3",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT1897"
      },
      {
        "title": "Mac OS X 10.5.3",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT1897?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001400"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31697"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001400"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1572"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/29412"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/29521"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta08-150a.html"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/30430"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2008//may/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1020141"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2008/1697"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/42719"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/1697"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42719"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1572"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta08-150a/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta08-150a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1572"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/alerts/2008/may/1020144.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1338?viewlocale=en_us\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1897\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=apple_security_update_2008_003\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta08-150a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26273/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosxserver1053update.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/18307/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27093/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosxserver1053comboupdate.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2008003ppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1897"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx1053update.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2008003serverppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2008003serveruniversal.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27130/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/30430/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector_2/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26636/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28083/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2008003intel.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx1053comboupdate.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28081/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/18008/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/96/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28323/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31697"
      },
      {
        "db": "BID",
        "id": "29521"
      },
      {
        "db": "BID",
        "id": "29412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001400"
      },
      {
        "db": "PACKETSTORM",
        "id": "66818"
      },
      {
        "db": "PACKETSTORM",
        "id": "66804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-010"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1572"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-31697"
      },
      {
        "db": "BID",
        "id": "29521"
      },
      {
        "db": "BID",
        "id": "29412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001400"
      },
      {
        "db": "PACKETSTORM",
        "id": "66818"
      },
      {
        "db": "PACKETSTORM",
        "id": "66804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-010"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1572"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-06-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-31697"
      },
      {
        "date": "2008-05-28T00:00:00",
        "db": "BID",
        "id": "29521"
      },
      {
        "date": "2008-05-28T00:00:00",
        "db": "BID",
        "id": "29412"
      },
      {
        "date": "2008-06-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001400"
      },
      {
        "date": "2008-05-29T23:21:11",
        "db": "PACKETSTORM",
        "id": "66818"
      },
      {
        "date": "2008-05-29T23:19:06",
        "db": "PACKETSTORM",
        "id": "66804"
      },
      {
        "date": "2008-05-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200806-010"
      },
      {
        "date": "2008-06-02T21:30:00",
        "db": "NVD",
        "id": "CVE-2008-1572"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-31697"
      },
      {
        "date": "2008-06-04T00:23:00",
        "db": "BID",
        "id": "29521"
      },
      {
        "date": "2008-06-04T00:23:00",
        "db": "BID",
        "id": "29412"
      },
      {
        "date": "2008-06-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001400"
      },
      {
        "date": "2008-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200806-010"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2008-1572"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "29521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-010"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Mac OS X Image capture file overwrite vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001400"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-010"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-1572 (GCVE-0-2008-1572)

CERTA-2008-AVI-278

Description

Solution

FKIE_CVE-2008-1572

GHSA-HC66-4G9P-6242

GSD-2008-1572

VAR-200805-0579

Tags

Sightings

Nomenclature