PT-2009-4036 · Apple+1 · Apple Quicktime+1

Aaron Portnoy

Publicado

2009-07-15

Atualizado

2019-02-26

CVE-2009-1539

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Microsoft DirectX versions 7.0 through 9.0c

Description: The issue arises from the QuickTime Movie Parser Filter in quartz.dll, which fails to properly validate size fields in QuickTime media files. This allows remote attackers to execute arbitrary code via a crafted file.

Recommendations: For Microsoft DirectX versions 7.0 through 9.0c, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict the use of the QuickTime Movie Parser Filter in DirectShow to minimize the risk of arbitrary code execution.

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2009-1539

Produtos afetados

Directx

Apple Quicktime

PT-2009-4036 · Apple+1 · Apple Quicktime+1

CVE-2009-1539

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6