CVE-2008-1019
Apple Quicktime Multiple Opcode Memory Corruption Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop.
Desbordamiento de búfer basado en montículo en quickTime.qts de Apple QuickTime antes de 7.4.5 permite ejecutar código de su elección a través de un archivo de imagen PICT manipulado, relacionado con un copy loop (bucle de copia) fr memoria terminado incorrectamente.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file.
The specific flaw exists in the quickTime.qts while parsing corrupted .pict files. The module contains a vulnerable memory copy loop which searches for a terminator value. When this value is changed or omitted, a heap corruption occurs allowing the execution of arbitrary code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-02-26 CVE Reserved
- 2008-04-03 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1019763 | Vdb Entry | |
| http://support.apple.com/kb/HT1241 | X_refsource_confirm |
|
| http://www.securityfocus.com/archive/1/490459/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/28583 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/1078 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-08-014 | X_refsource_misc |
|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41609 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/29650 | 2018-10-11 | |
| http://www.us-cert.gov/cas/techalerts/TA08-094A.html | 2018-10-11 |
| URL | Date | SRC |
|---|