CVE-2005-4092

Date: (C)2005-12-08   (M)2016-04-04

CVSS Score: 7.5
Exploitability Subscore: 10.0
Impact Subscore: 6.4
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement.

Reference:
SECTRACK-1015356
SECTRACK-1015396
SECTRACK-1015397
BID-15732
SECUNIA-18149
SECUNIA-18370
http://www.securityfocus.com/archive/1/archive/1/421547/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/421635/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/421569/100/0/threaded
SREASON-334
SREASON-336
ADV-2005-3012
ADV-2006-0128
APPLE-SA-2006-01-10
TA06-011A
VU#921193
http://security-protocols.com/advisory/sp-x21-advisory.txt
http://www.eeye.com/html/research/upcoming/20051117a.html
http://www.eeye.com/html/research/upcoming/20051117b.html
http://www.security-protocols.com/advisory/sp-x21-advisory.txt
http://www.security-protocols.com/modules.php?name=News&file=article&sid=3109
http://www.security-protocols.com/modules.php?name=News&file=article&sid=3133

CPE    2
cpe:/a:apple:itunes:6.0.1
cpe:/a:apple:quicktime:7.0.3
CWE    1
CWE-119

© 2013 SecPod Technologies