PT-2009-4035 · Apple+1 · Apple Quicktime+1

Yamata Li

Publicado

2009-07-15

Atualizado

2019-02-26

CVE-2009-1538

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Microsoft DirectX versions 7.0 through 9.0c

Description: The issue concerns the QuickTime Movie Parser Filter in quartz.dll, which is part of DirectShow in Microsoft DirectX. It allows remote attackers to execute arbitrary code via a crafted QuickTime media file due to improper validation of unspecified data values when updating pointers.

Recommendations: For Microsoft DirectX versions 7.0 through 9.0c, consider restricting the use of the QuickTime Movie Parser Filter until a patch is available. As a temporary workaround, avoid using the affected filter to parse QuickTime media files.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2009-1538

Produtos afetados

Directx

Apple Quicktime

PT-2009-4035 · Apple+1 · Apple Quicktime+1

CVE-2009-1538

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7