PT-2008-6523 · Apple · Quicktime Player+1

Laurent Gaffiã©

Publicado

2008-12-09

Atualizado

2017-09-29

CVE-2008-5406

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apple QuickTime Player version 7.5.5 iTunes version 8.0.2.20

Description The issue is related to a stack-based buffer overflow that can be triggered by a MOV file with long arguments, causing an off by one overflow. This can lead to a denial of service, resulting in an application crash, and potentially allow the execution of arbitrary code.

Recommendations For Apple QuickTime Player version 7.5.5, update to a newer version to resolve the issue. For iTunes version 8.0.2.20, update to a newer version to resolve the issue.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2008-5406

Produtos afetados

Quicktime Player

Itunes

PT-2008-6523 · Apple · Quicktime Player+1

CVE-2008-5406

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5