[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-3627Date: (C)2008-09-10   (M)2023-12-22


Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1020841
http://www.securityfocus.com/archive/1/496163/100/0/threaded
http://www.securityfocus.com/archive/1/496175/100/0/threaded
http://www.securityfocus.com/archive/1/496176/100/0/threaded
BID-31086
SECUNIA-31821
ADV-2008-2527
APPLE-SA-2008-09-09
http://support.apple.com/kb/HT3027
http://www.zerodayinitiative.com/advisories/ZDI-08-060/
http://www.zerodayinitiative.com/advisories/ZDI-08-061/
http://www.zerodayinitiative.com/advisories/ZDI-08-062/
oval:org.mitre.oval:def:16164

CPE    1
cpe:/a:apple:quicktime
CWE    1
CWE-399
OVAL    2
oval:org.secpod.oval:def:16468
oval:org.secpod.oval:def:16472

© SecPod Technologies