
CVE-2005-4092
Date: (C)2005-12-08   (M)2023-12-22


Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1015356
SECTRACK-1015396
SECTRACK-1015397
BID-15732
SECUNIA-18149
SECUNIA-18370
http://www.securityfocus.com/archive/1/421547/100/0/threaded
http://www.securityfocus.com/archive/1/421635/100/0/threaded
http://www.securityfocus.com/archive/1/421569/100/0/threaded
SREASON-334
SREASON-336
ADV-2005-3012
ADV-2006-0128
APPLE-SA-2006-01-10
TA06-011A
VU#921193
http://security-protocols.com/advisory/sp-x21-advisory.txt
http://www.eeye.com/html/research/upcoming/20051117a.html
http://www.eeye.com/html/research/upcoming/20051117b.html
http://www.security-protocols.com/advisory/sp-x21-advisory.txt
http://www.security-protocols.com/modules.php?name=News&file=article&sid=3109
http://www.security-protocols.com/modules.php?name=News&file=article&sid=3133

CPE    2
cpe:/a:apple:quicktime:7.0.3
cpe:/a:apple:itunes:6.0.1
CWE    1
CWE-119

© SecPod Technologies