Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2009-0153

Disclosure Date: May 13, 2009
CVE-2009-0153
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • apple

Products

  • mac os x 10.5.0,
  • mac os x 10.5.1,
  • mac os x 10.5.2,
  • mac os x 10.5.3,
  • mac os x 10.5.4,
  • mac os x 10.5.5,
  • mac os x 10.5.6,
  • mac os x server 10.5.0,
  • mac os x server 10.5.1,
  • mac os x server 10.5.2,
  • mac os x server 10.5.3,
  • mac os x server 10.5.4,
  • mac os x server 10.5.5,
  • mac os x server 10.5.6

References

Canonical
CVE-2009-0153 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0153)
BID-34974 (http://www.securityfocus.com/bid/34974)
BID-34926 (http://www.securityfocus.com/bid/34926)
Advisory
http://support.apple.com/kb/HT3639
ADV-2009-1621 (http://www.vupen.com/english/advisories/2009/1621)
http://support.apple.com/kb/HT3549
APPLE-SA-2009-06-08-1 (http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html)
http://www.redhat.com/support/errata/RHSA-2009-1122.html
SECUNIA-35074 (http://secunia.com/advisories/35074)
XF-macos-icu-security-bypass(50488) (https://exchange.xforce.ibmcloud.com/vulnerabilities/50488)
ADV-2009-1522 (http://www.vupen.com/english/advisories/2009/1522)
APPLE-SA-2009-06-17-1 (http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html)
APPLE-SA-2009-05-12 (http://lists.apple.com/archives/security-announce/2009/May/msg00002.html)
http://bugs.icu-project.org/trac/ticket/5691
FEDORA-2009-6121 (https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00336.html)
SECUNIA-35379 (http://secunia.com/advisories/35379)
SECUNIA-35498 (http://secunia.com/advisories/35498)
TA09-133A (http://www.us-cert.gov/cas/techalerts/TA09-133A.html)
SECUNIA-35584 (http://secunia.com/advisories/35584)
ADV-2009-1297 (http://www.vupen.com/english/advisories/2009/1297)
https://bugzilla.redhat.com/show_bug.cgi?id=503071
SECUNIA-35436 (http://secunia.com/advisories/35436)
http://support.apple.com/kb/HT3613
FEDORA-2009-6273 (https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00478.html)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11366

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis