CVE-2008-0033
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.
Una vulnerabilidad no especificada en Apple QuickTime versiones anteriores a 7.4, permite a los atacantes remotos causar una denegación de servicio (finalización de aplicación) y ejecutar código arbitrario por medio de un archivo de película con átomos de Image Descriptor (IDSC) que contiene un tamaño de átomo no válido, lo que desencadena una corrupción de la memoria.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-01-03 CVE Reserved
- 2008-01-16 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://docs.info.apple.com/article.html?artnum=307301 | X_refsource_confirm | |
| http://dvlabs.tippingpoint.com/advisory/TPTI-08-01 | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/486413/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/27299 | Vdb Entry | |
| http://www.securitytracker.com/id?1019221 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA08-016A.html | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39697 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html | 2018-10-15 | |
| http://secunia.com/advisories/28502 | 2018-10-15 | |
| http://www.vupen.com/english/advisories/2008/0148 | 2018-10-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | <= 7.3.1.70 Search vendor "Apple" for product "Quicktime" and version " <= 7.3.1.70" | - |
Affected
| ||||||