PT-2008-5417 · Apple · Apple Quicktime+1

Securfrog · Published 2008-09-17 · Updated 2017-09-29 · CVE-2008-4116

CVSS v2.0: 9.3 High
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apple QuickTime version 7.5.5
iTunes version 8.0

Description

The issue is related to a buffer overflow that can be triggered by a long type attribute in a quicktime tag on a web page or embedded in .mp4 or .mov files. This could lead to a denial of service, causing a browser crash, or possibly allow the execution of arbitrary code. The problem might be connected to the Check stack cookie function and an off-by-one error resulting in a heap-based buffer overflow.

Recommendations

For Apple QuickTime version 7.5.5, consider updating to a newer version to mitigate the risk. For iTunes version 8.0, consider updating to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of quicktime tags in web pages or embedded in .mp4 or .mov files until a patch is available.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2008-4116

Affected Products

Apple QuickTime
iTunes