PT-2008-3527 · Apple · Ical

Published 2008-05-22 · Updated 2018-10-11 · CVE-2008-2006

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Apple iCal version 3.0.1

Description

The issue allows remote CalDAV servers and user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code. This can be achieved via a .ics file containing a large 16-bit integer on a TRIGGER line, or a large integer in a COUNT field on an RRULE line.

Recommendations

For Apple iCal version 3.0.1, consider avoiding the use of .ics files from untrusted sources until a patch is available. As a temporary workaround, restrict the handling of TRIGGER and RRULE lines in .ics files to minimize the risk of exploitation.
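
One way to apply the workaround above before a calendar file reaches the client, as an added example (not Apple's fix and not code from this advisory): a pre-import screen that unfolds the file and rejects out-of-range numbers on TRIGGER lines and in RRULE COUNT fields. The limits, function names and sample file are assumptions constructed for illustration; the advisory does not give the values at which iCal 3.0.1 fails.

```python
import re

# Policy limits are assumptions for illustration; the advisory does not give
# the values at which iCal 3.0.1 misbehaves.
MAX_DURATION_FIELD = 9999  # largest number accepted in a TRIGGER duration
MAX_RRULE_COUNT = 1000     # largest COUNT accepted on an RRULE line


def unfold(text):
    """Undo RFC 5545 line folding (line break followed by space or tab)."""
    return re.sub(r"\r?\n[ \t]", "", text).splitlines()


def over(num, limit):
    """True unless num is a short ASCII digit string no larger than limit."""
    return not re.fullmatch(r"[0-9]{1,9}", num) or int(num) > limit


def screen_ics(text):
    """Return (unfolded_line_number, reason) for each line to reject."""
    findings = []
    for n, line in enumerate(unfold(text), 1):
        head, sep, value = line.partition(":")
        if not sep:
            continue
        name, *params = head.upper().split(";")
        if name == "TRIGGER" and "VALUE=DATE-TIME" not in params:
            # Duration form such as -PT15M: check every numeric field.
            for num in re.findall(r"[0-9]+", value):
                if over(num, MAX_DURATION_FIELD):
                    findings.append((n, f"TRIGGER field {num} over limit"))
        elif name == "RRULE":
            for part in value.upper().split(";"):
                key, _, val = part.partition("=")
                if key == "COUNT" and over(val, MAX_RRULE_COUNT):
                    findings.append((n, f"RRULE COUNT {val!r} rejected"))
    return findings


# Constructed sample (not from the advisory); the second RRULE is folded.
SAMPLE = "\r\n".join([
    "BEGIN:VCALENDAR", "BEGIN:VEVENT",
    "RRULE:FREQ=DAILY;COUNT=10",
    "RRULE:FREQ=DAILY;COUNT=2000", " 000",
    "BEGIN:VALARM",
    "TRIGGER:-PT15M",
    "TRIGGER:-PT50000M",
    "TRIGGER;VALUE=DATE-TIME:20080522T120000Z",
    "END:VALARM", "END:VEVENT", "END:VCALENDAR",
])
```

Run `screen_ics` on each incoming file and quarantine it when the returned list is not empty; unfolding first matters because a value split across folded lines would otherwise pass a per-line check.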

Exploit

Fix

RCE

Weakness Enumeration

Related identifiers

CVE-2008-2006

Affected products

Ical