CVE-2009-2204 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2009-2204

Analyzed

More Info Official Page

Source-cve@mitre.org

Published At-03 Aug, 2009 | 18:30

Updated At-30 Mar, 2010 | 04:00

Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 10.0

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

>>iphone_os>>Versions up to 3.0(inclusive)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

>>iphone_os>>1.0

cpe:2.3:o:apple:iphone_os:1.0:*:*:*:*:*:*:*

>>iphone_os>>1.0.0

cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*

>>iphone_os>>1.0.1

cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*

>>iphone_os>>1.0.2

cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*

>>iphone_os>>1.1

cpe:2.3:o:apple:iphone_os:1.1:*:*:*:*:*:*:*

>>iphone_os>>1.1.0

cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*

>>iphone_os>>1.1.1

cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*

>>iphone_os>>1.1.2

cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*

>>iphone_os>>1.1.3

cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*

>>iphone_os>>1.1.4

cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*

>>iphone_os>>1.1.5

cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*

>>iphone_os>>2.0

cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*

>>iphone_os>>2.0.0

cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*

>>iphone_os>>2.0.1

cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*

>>iphone_os>>2.0.2

cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*

>>iphone_os>>2.1

cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.apple.com/archives/security-announce/2009/Jul/msg00001.html	cve@mitre.org	N/A
http://news.cnet.com/8301-1009_3-10278472-83.html	cve@mitre.org	N/A
http://secunia.com/advisories/36070	cve@mitre.org	Vendor Advisory
http://securitytracker.com/id?1022626	cve@mitre.org	Patch
http://support.apple.com/kb/HT3754	cve@mitre.org	Vendor Advisory
http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf	cve@mitre.org	Exploit
http://www.osvdb.org/55687	cve@mitre.org	N/A
http://www.securityfocus.com/bid/35569	cve@mitre.org	N/A
http://www.syscan.org/Sg/program.html	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2009/2105	cve@mitre.org	Patch Vendor Advisory

Hyperlink: http://lists.apple.com/archives/security-announce/2009/Jul/msg00001.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://news.cnet.com/8301-1009_3-10278472-83.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/36070

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://securitytracker.com/id?1022626

Source: cve@mitre.org

Resource:

Patch

Hyperlink: http://support.apple.com/kb/HT3754

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf

Source: cve@mitre.org

Resource:

Exploit

Hyperlink: http://www.osvdb.org/55687

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/35569

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.syscan.org/Sg/program.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.vupen.com/english/advisories/2009/2105

Source: cve@mitre.org

Resource:

Patch

Vendor Advisory