// For flags

CVE-2005-4092

 

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2005-12-08 CVE Reserved
  • 2005-12-08 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (22)
URL Tag Source
http://security-protocols.com/advisory/sp-x21-advisory.txt X_refsource_misc
http://securityreason.com/securityalert/334 Third Party Advisory
http://securityreason.com/securityalert/336 Third Party Advisory
http://securitytracker.com/id?1015356 Vdb Entry
http://securitytracker.com/id?1015396 Vdb Entry
http://securitytracker.com/id?1015397 Vdb Entry
http://www.eeye.com/html/research/upcoming/20051117a.html X_refsource_misc
http://www.eeye.com/html/research/upcoming/20051117b.html X_refsource_misc
http://www.kb.cert.org/vuls/id/921193 Third Party Advisory
http://www.security-protocols.com/advisory/sp-x21-advisory.txt X_refsource_misc
http://www.security-protocols.com/modules.php?name=News&file=article&sid=3133 X_refsource_misc
http://www.securityfocus.com/archive/1/421547/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/421569/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/421635/100/0/threaded Mailing List
http://www.securityfocus.com/bid/15732 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA06-011A.html Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
http://docs.info.apple.com/article.html?artnum=303101 2018-10-19
http://secunia.com/advisories/18149 2018-10-19
http://secunia.com/advisories/18370 2018-10-19
http://www.security-protocols.com/modules.php?name=News&file=article&sid=3109 2018-10-19
http://www.vupen.com/english/advisories/2005/3012 2018-10-19
http://www.vupen.com/english/advisories/2006/0128 2018-10-19
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apple
Search vendor "Apple"
 Itunes
Search vendor "Apple" for product "Itunes"
 6.0.1
Search vendor "Apple" for product "Itunes" and version "6.0.1"
-
Affected
Apple
Search vendor "Apple"
 Quicktime
Search vendor "Apple" for product "Quicktime"
 7.0.3
Search vendor "Apple" for product "Quicktime" and version "7.0.3"
-
Affected