Vulnerability CVE-2008-4116


Published: 2008-09-18   Modified: 2012-02-12

Description:
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow.

See advisories in our WLB2 database:
Topic
Author
Date
High
QuickTime 7.5.5 / ITunes 8.0 Remote Heap Overflow Crash Exploit
securfrog
19.09.2008

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Apple -> Itunes 
Apple -> Quicktime 

 References:
http://xforce.iss.net/xforce/xfdb/45311
http://www.securityfocus.com/bid/31212
http://www.milw0rm.com/exploits/6471
http://securityreason.com/securityalert/4270
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7995
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6113
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5936

Copyright 2024, cxsecurity.com

 

Back to Top