PT-2008-5507 · Apple+1 · Ios+2
Published: 2008-10-10 · Updated: 2021-05-23
CVE-2008-4211
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Apple Mac OS X version 10.5.5
Apple iPhone OS versions 1.0 through 2.1
Apple iPhone OS for iPod touch versions 1.1 through 2.1
Description:
An integer signedness error in QuickLook and Office Viewer allows remote attackers to cause a denial of service and execute arbitrary code via a crafted Microsoft Excel file. The error triggers an out-of-bounds memory access related to the handling of columns.
Recommendations:
For Apple Mac OS X version 10.5.5, update to a newer version to mitigate the risk.
For Apple iPhone OS versions 1.0 through 2.1, update to a version later than 2.1.
For Apple iPhone OS for iPod touch versions 1.1 through 2.1, update to a version later than 2.1.
As a temporary workaround, avoid opening Microsoft Excel files that could be crafted to trigger the out-of-bounds memory access.
Affected Products:
Mac OS X
Office Excel
iOS