CVE-2008-1017
Apple QuickTime Clipping Region Heap Overflow Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
Desbordamiento de búfer basado en montículo en el manejo atom de la región de saturación (aka crgn) en quicktime.qts en Apple QuickTime antes de 7.4.5 permite a atacantes remotos ejecutar código de su elección a través de una película manipulada.
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the quicktime.qts library. The vulnerability resides in the component's parsing of 'crgn' atoms. A lack of proper sanity checks on the region size field can result in a heap based buffer overflow leading to arbitrary code execution under the context of the currently logged in user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-02-26 CVE Reserved
- 2008-04-03 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (12)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/31034 | Third Party Advisory | |
http://securitytracker.com/id?1019761 | Vdb Entry | |
http://support.apple.com/kb/HT1241 | X_refsource_confirm | |
http://www.securityfocus.com/archive/1/490460/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/28583 | Vdb Entry | |
http://www.vupen.com/english/advisories/2008/1078 | Vdb Entry | |
http://www.vupen.com/english/advisories/2008/2064/references | Vdb Entry | |
http://www.zerodayinitiative.com/advisories/ZDI-08-015 | X_refsource_misc | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41607 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/29650 | 2018-10-11 | |
http://www.us-cert.gov/cas/techalerts/TA08-094A.html | 2018-10-11 |
URL | Date | SRC |
---|---|---|
http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html | 2018-10-11 |