Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2005-4092
HistoryDec 08, 2005 - 11:03 a.m.

CVE-2005-4092

2005-12-0811:03:00
CWE-119
[email protected]
web.nvd.nist.gov
37
cve-2005-4092
quicktime player
itunes
buffer overflow
denial of service
arbitrary code
media files

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.95 High

EPSS

Percentile

99.3%

JSON

Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement.

Affected configurations

NVD
Node
appleitunesMatch6.0.1
OR
applequicktimeMatch7.0.3

References

Related

nvd 4
cvelist 3
cve 3
cert 3
securityvulns 2
checkpoint_advisories 1
nessus 1
nvd
nvd
CVE-2005-4092
2005-12-08 11:03:00
CVE-2005-4127
2005-12-09 11:03:00
CVE-2005-4128
2005-12-09 11:03:00
cvelist
cvelist
CVE-2005-4092
2005-12-08 11:00:00
CVE-2005-4128
2005-12-09 11:00:00
CVE-2005-4127
2005-12-09 11:00:00
cve
cve
CVE-2005-4127
2005-12-09 11:03:00
CVE-2005-4128
2005-12-09 11:03:00
CVE-2005-4129
2022-10-03 16:22:46
cert
cert
Apple QuickTime fails to properly handle corrupt media files
2006-01-11 00:00:00
Apple QuickTime fails to properly handle corrupt GIF images
2006-01-11 00:00:00
Apple QuickTime fails to properly handle corrupt TGA images
2006-01-11 00:00:00
securityvulns
securityvulns
[EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow
2006-01-12 00:00:00
US-CERT Technical Cyber Security Alert TA06-011A -- Apple QuickTime Vulnerabilities
2006-01-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple QuickTime and iTunes Movie File Heap Memory Corruption (CVE-2005-4092)
2009-11-23 00:00:00
nessus
nessus
QuickTime < 7.0.4 Multiple Vulnerabilities (Windows)
2006-01-11 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.95 High

EPSS

Percentile

99.3%

JSON
Related for CVE-2005-4092
nvd4cvelist3cve3cert3securityvulns2checkpoint_advisories1nessus1