PT-2008-6523 · Apple · Quicktime Player+1

Laurent Gaffiã©

Published

2008-12-09

Updated

2017-09-29

CVE-2008-5406

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apple QuickTime Player version 7.5.5 iTunes version 8.0.2.20

Description The issue is related to a stack-based buffer overflow that can be triggered by a MOV file with long arguments, causing an off by one overflow. This can lead to a denial of service, resulting in an application crash, and potentially allow the execution of arbitrary code.

Recommendations For Apple QuickTime Player version 7.5.5, update to a newer version to resolve the issue. For iTunes version 8.0.2.20, update to a newer version to resolve the issue.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2008-5406

Affected Products

Quicktime Player

Itunes

PT-2008-6523 · Apple · Quicktime Player+1

CVE-2008-5406

Weakness Enumeration

Related Identifiers

Affected Products

References · 5