CVE-2008-4232

Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://support.apple.com/kb/HT3318	Vendor Advisory
http://www.securityfocus.com/bid/32394
http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html	Vendor Advisory
http://secunia.com/advisories/32756
http://osvdb.org/50029
http://www.securitytracker.com/id?1021272
http://www.vupen.com/english/advisories/2008/3232

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:h:apple:ipod_touch::::::::
	cpe:2.3:o:apple:iphone_os::::::::

OR	cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:1.0:::::::*
	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.3:::::::*
	cpe:2.3:o:apple:iphone_os:1.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:2.1:::::::*
	cpe:2.3:o:apple:iphone_os:2.0:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.5:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.4:::::::*
	cpe:2.3:o:apple:iphone_os:2.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:2.0.1:::::::*

Information

Published : 2008-11-25 15:30

Updated : 2022-08-09 06:48

NVD link : CVE-2008-4232

Mitre link : CVE-2008-4232

JSON object : View

CWE

NVD-CWE-Other

Products Affected

apple

iphone_os
ipod_touch
safari

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://support.apple.com/kb/HT3318", "name": "http://support.apple.com/kb/HT3318", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/32394", "name": "32394", "tags": [], "refsource": "BID"}, {"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html", "name": "APPLE-SA-2008-11-20", "tags": ["Vendor Advisory"], "refsource": "APPLE"}, {"url": "http://secunia.com/advisories/32756", "name": "32756", "tags": [], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/50029", "name": "50029", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securitytracker.com/id?1021272", "name": "1021272", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2008/3232", "name": "ADV-2008-3232", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-4232", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-11-25T23:30Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-08-09T13:48Z"}

5.0 /10