ID

VAR-200911-0285


CVE

CVE-2009-2833


TITLE

Buffer overflow vulnerability in International Components for Unicode (ICU) in Apple Mac OS X

Trust: 0.8

sources: JVNDB: JVNDB-2009-002335

DESCRIPTION

Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Successfully exploiting this issue may allow attackers to execute arbitrary code with the privileges of the affected application. Failed exploit attempts will likely result in a denial-of-service condition. This issue affects the following: Mac OS X 10.5.8 and prior; Mac OS X Server 10.5.8 and prior. NOTE: This issue was previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

Trust: 2.25

sources: NVD: CVE-2009-2833 // JVNDB: JVNDB-2009-002335 // BID: 36982 // BID: 36956 // VULHUB: VHN-40279

AFFECTED PRODUCTS

vendor: apple // model: mac os x // scope: eq // version: 10.5.8

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.5.8

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: v10.5.8

Trust: 0.8

vendor: apple // model: mac os x server // scope: eq // version: v10.5.8

Trust: 0.8

vendor: apple // model: mac os server // scope: eq // version: x10.5.8

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.5.7

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.5.6

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.5.5

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.5.4

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.5.3

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.5.2

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.5.1

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.5

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5.8

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5.7

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5.6

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5.5

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5.4

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5.3

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5.2

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5.1

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.6.1

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.6

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.6.1

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.6

Trust: 0.3

vendor: apple // model: mac os server // scope: ne // version: x10.6.2

Trust: 0.3

vendor: apple // model: mac os // scope: ne // version: x10.6.2

Trust: 0.3

sources: BID: 36982 // BID: 36956 // JVNDB: JVNDB-2009-002335 // CNNVD: CNNVD-200911-108 // NVD: CVE-2009-2833

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2833
value: HIGH

Trust: 1.0

NVD: CVE-2009-2833
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200911-108
value: HIGH

Trust: 0.6

VULHUB: VHN-40279
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-2833
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-40279
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-40279 // JVNDB: JVNDB-2009-002335 // CNNVD: CNNVD-200911-108 // NVD: CVE-2009-2833

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-40279 // JVNDB: JVNDB-2009-002335 // NVD: CVE-2009-2833

THREAT TYPE

network

Trust: 0.6

sources: BID: 36982 // BID: 36956

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200911-108

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002335

PATCH

title: HT3937 // url: http://support.apple.com/kb/HT3937

Trust: 0.8

title: HT3937 // url: http://support.apple.com/kb/HT3937?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2009-002335

EXTERNAL IDS

db: NVD // id: CVE-2009-2833

Trust: 2.8

db: VUPEN // id: ADV-2009-3184

Trust: 2.5

db: BID // id: 36956

Trust: 2.0

db: JVNDB // id: JVNDB-2009-002335

Trust: 0.8

db: CNNVD // id: CNNVD-200911-108

Trust: 0.7

db: APPLE // id: APPLE-SA-2009-11-09-1

Trust: 0.6

db: BID // id: 36982

Trust: 0.4

db: VULHUB // id: VHN-40279

Trust: 0.1

sources: VULHUB: VHN-40279 // BID: 36982 // BID: 36956 // JVNDB: JVNDB-2009-002335 // CNNVD: CNNVD-200911-108 // NVD: CVE-2009-2833

REFERENCES

url:http://www.vupen.com/english/advisories/2009/3184

Trust: 2.5

url:http://lists.apple.com/archives/security-announce/2009/nov/msg00000.html

Trust: 1.7

url:http://www.securityfocus.com/bid/36956

Trust: 1.7

url:http://support.apple.com/kb/ht3937

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2833

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2833

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.6

sources: VULHUB: VHN-40279 // BID: 36982 // BID: 36956 // JVNDB: JVNDB-2009-002335 // CNNVD: CNNVD-200911-108 // NVD: CVE-2009-2833

CREDITS

Brian Mastenbrook, Regis Duchesne, Nicolas Joly

Trust: 0.6

sources: CNNVD: CNNVD-200911-108

SOURCES

db: VULHUB // id: VHN-40279
db: BID // id: 36982
db: BID // id: 36956
db: JVNDB // id: JVNDB-2009-002335
db: CNNVD // id: CNNVD-200911-108
db: NVD // id: CVE-2009-2833

LAST UPDATE DATE

2025-04-10T19:49:27.315000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-40279 // date: 2009-11-17T00:00:00
db: BID // id: 36982 // date: 2009-11-11T20:16:00
db: BID // id: 36956 // date: 2009-11-11T20:56:00
db: JVNDB // id: JVNDB-2009-002335 // date: 2009-12-17T00:00:00
db: CNNVD // id: CNNVD-200911-108 // date: 2009-11-10T00:00:00
db: NVD // id: CVE-2009-2833 // date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB // id: VHN-40279 // date: 2009-11-10T00:00:00
db: BID // id: 36982 // date: 2009-11-09T00:00:00
db: BID // id: 36956 // date: 2009-11-09T00:00:00
db: JVNDB // id: JVNDB-2009-002335 // date: 2009-12-17T00:00:00
db: CNNVD // id: CNNVD-200911-108 // date: 2009-11-10T00:00:00
db: NVD // id: CVE-2009-2833 // date: 2009-11-10T19:30:01.467