Lucene search

MitreCVE-2009-0008

HistoryJan 22, 2009 - 6:30 p.m.

CVE-2009-0008

2009-01-2218:30:03

CWE-20

mitre

web.nvd.nist.gov

cve-2009-0008

apple

quicktime

mpeg-2

windows

vulnerability

denial of service

application crash

execute arbitrary code

nvd

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

0.017

Percentile

87.8%

JSON

Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie.

Affected configurations

Nvd

Node

applequicktime_mpeg-2_playback_component

AND

microsoftwindows_vista

microsoftwindows_xp

microsoftwindows_xpsp2

microsoftwindows_xpsp3

VendorProductVersionCPE
applequicktime_mpeg-2_playback_component*cpe:2.3:a:apple:quicktime_mpeg-2_playback_component:*:*:*:*:*:*:*:*
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	quicktime_mpeg-2_playback_component	*	cpe:2.3:a:apple:quicktime_mpeg-2_playback_component::::::::
microsoft	windows_vista	*	cpe:2.3:o:microsoft:windows_vista::::::::
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::::::::
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp3::::::*

References

lists.apple.com/archives/security-announce//2009/Jan/msg00001.html

secunia.com/advisories/33642

support.apple.com/kb/HT3404

www.securityfocus.com/bid/33393

www.securitytracker.com/id?1021621

www.vupen.com/english/advisories/2009/0211

exchange.xforce.ibmcloud.com/vulnerabilities/48162

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5974

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

0.017

Percentile

87.8%

JSON

Related for CVE-2009-0008