Lucene search
MitreCVE-2009-2203HistorySep 10, 2009 - 9:30 p.m.
CVE-2009-2203
2009-09-1021:30:01
CWE-119
mitre
web.nvd.nist.gov
35
cve-2009-2203
buffer overflow
apple quicktime
remote code execution
denial of service
mpeg-4
video file
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.7
Confidence
High
EPSS
0.017
Percentile
87.9%
Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file.
Affected configurations
Node
applequicktimeRange≤7.6.2
ORapplequicktimeMatch-
ORapplequicktimeMatch3.0
ORapplequicktimeMatch4.1.2
ORapplequicktimeMatch4.1.2-mac
ORapplequicktimeMatch4.1.2-windows
ORapplequicktimeMatch5.0
ORapplequicktimeMatch5.0.1
ORapplequicktimeMatch5.0.1-mac
ORapplequicktimeMatch5.0.1-windows
ORapplequicktimeMatch5.0.2
ORapplequicktimeMatch5.0.2-mac
ORapplequicktimeMatch5.0.2-windows
ORapplequicktimeMatch6.0
ORapplequicktimeMatch6.0-windows
ORapplequicktimeMatch6.0.0
ORapplequicktimeMatch6.0.0-mac
ORapplequicktimeMatch6.0.0-windows
ORapplequicktimeMatch6.0.1
ORapplequicktimeMatch6.0.1-mac
ORapplequicktimeMatch6.0.1-windows
ORapplequicktimeMatch6.0.2
ORapplequicktimeMatch6.0.2-mac
ORapplequicktimeMatch6.0.2-windows
ORapplequicktimeMatch6.1
ORapplequicktimeMatch6.1.0
ORapplequicktimeMatch6.1.0-mac
ORapplequicktimeMatch6.1.0-windows
ORapplequicktimeMatch6.1.1
ORapplequicktimeMatch6.1.1-mac
ORapplequicktimeMatch6.1.1-windows
ORapplequicktimeMatch6.2.0
ORapplequicktimeMatch6.2.0-mac
ORapplequicktimeMatch6.2.0-windows
ORapplequicktimeMatch6.3.0
ORapplequicktimeMatch6.3.0-mac
ORapplequicktimeMatch6.3.0-windows
ORapplequicktimeMatch6.4.0
ORapplequicktimeMatch6.4.0-mac
ORapplequicktimeMatch6.4.0-windows
ORapplequicktimeMatch6.5
ORapplequicktimeMatch6.5.0
ORapplequicktimeMatch6.5.0-mac
ORapplequicktimeMatch6.5.0-windows
ORapplequicktimeMatch6.5.1
ORapplequicktimeMatch6.5.1-mac
ORapplequicktimeMatch6.5.1-windows
ORapplequicktimeMatch6.5.2
ORapplequicktimeMatch6.5.2-mac
ORapplequicktimeMatch6.5.2-windows
ORapplequicktimeMatch7.0
ORapplequicktimeMatch7.0windows
ORapplequicktimeMatch7.0-windows
ORapplequicktimeMatch7.0.0
ORapplequicktimeMatch7.0.0-mac
ORapplequicktimeMatch7.0.0-windows
ORapplequicktimeMatch7.0.1
ORapplequicktimeMatch7.0.1windows
ORapplequicktimeMatch7.0.1-mac
ORapplequicktimeMatch7.0.1-windows
ORapplequicktimeMatch7.0.2
ORapplequicktimeMatch7.0.2windows
ORapplequicktimeMatch7.0.2-mac
ORapplequicktimeMatch7.0.2-windows
ORapplequicktimeMatch7.0.3
ORapplequicktimeMatch7.0.3-mac
ORapplequicktimeMatch7.0.3-windows
ORapplequicktimeMatch7.0.4
ORapplequicktimeMatch7.0.4-mac
ORapplequicktimeMatch7.0.4-windows
ORapplequicktimeMatch7.1
ORapplequicktimeMatch7.1.0
ORapplequicktimeMatch7.1.0-mac
ORapplequicktimeMatch7.1.0-windows
ORapplequicktimeMatch7.1.1
ORapplequicktimeMatch7.1.1-mac
ORapplequicktimeMatch7.1.1-windows
ORapplequicktimeMatch7.1.2
ORapplequicktimeMatch7.1.2-mac
ORapplequicktimeMatch7.1.2-windows
ORapplequicktimeMatch7.1.3
ORapplequicktimeMatch7.1.3-mac
ORapplequicktimeMatch7.1.3-windows
ORapplequicktimeMatch7.1.4
ORapplequicktimeMatch7.1.4-mac
ORapplequicktimeMatch7.1.4-windows
ORapplequicktimeMatch7.1.5
ORapplequicktimeMatch7.1.5-mac
ORapplequicktimeMatch7.1.5-windows
ORapplequicktimeMatch7.1.6
ORapplequicktimeMatch7.1.6-mac
ORapplequicktimeMatch7.1.6-windows
ORapplequicktimeMatch7.2
ORapplequicktimeMatch7.2.0
ORapplequicktimeMatch7.2.0-mac
ORapplequicktimeMatch7.2.0-windows
ORapplequicktimeMatch7.2.1
ORapplequicktimeMatch7.2.1-mac
ORapplequicktimeMatch7.2.1-windows
ORapplequicktimeMatch7.3
ORapplequicktimeMatch7.3.0
ORapplequicktimeMatch7.3.0-mac
ORapplequicktimeMatch7.3.0-windows
ORapplequicktimeMatch7.3.1
ORapplequicktimeMatch7.3.1-mac
ORapplequicktimeMatch7.3.1-windows
ORapplequicktimeMatch7.3.1.70
ORapplequicktimeMatch7.4
ORapplequicktimeMatch7.4.0
ORapplequicktimeMatch7.4.0-mac
ORapplequicktimeMatch7.4.0-windows
ORapplequicktimeMatch7.4.1
ORapplequicktimeMatch7.4.1-mac
ORapplequicktimeMatch7.4.1-windows
ORapplequicktimeMatch7.4.4
ORapplequicktimeMatch7.4.5
ORapplequicktimeMatch7.4.5-mac
ORapplequicktimeMatch7.4.5-windows
ORapplequicktimeMatch7.5
ORapplequicktimeMatch7.5.0
ORapplequicktimeMatch7.5.0-mac
ORapplequicktimeMatch7.5.0-windows
ORapplequicktimeMatch7.5.5
ORapplequicktimeMatch7.5.5-mac
ORapplequicktimeMatch7.5.5-windows
ORapplequicktimeMatch7.6.0
ORapplequicktimeMatch7.6.0-mac
ORapplequicktimeMatch7.6.0-windows
ORapplequicktimeMatch7.6.1
ORapplequicktimeMatch7.6.1-mac
ORapplequicktimeMatch7.6.1-windows
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apple | quicktime | * | cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:* |
| apple | quicktime | - | cpe:2.3:a:apple:quicktime:-:*:*:*:*:*:*:* |
| apple | quicktime | 3.0 | cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:* |
| apple | quicktime | 4.1.2 | cpe:2.3:a:apple:quicktime:4.1.2:*:*:*:*:*:*:* |
| apple | quicktime | 4.1.2 | cpe:2.3:a:apple:quicktime:4.1.2:-:mac:*:*:*:*:* |
| apple | quicktime | 4.1.2 | cpe:2.3:a:apple:quicktime:4.1.2:-:windows:*:*:*:*:* |
| apple | quicktime | 5.0 | cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:* |
| apple | quicktime | 5.0.1 | cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:* |
| apple | quicktime | 5.0.1 | cpe:2.3:a:apple:quicktime:5.0.1:-:mac:*:*:*:*:* |
| apple | quicktime | 5.0.1 | cpe:2.3:a:apple:quicktime:5.0.1:-:windows:*:*:*:*:* |
References
lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
lists.apple.com/archives/security-announce/2009/Sep/msg00002.html
support.apple.com/kb/HT3859
support.apple.com/kb/HT3937
www.securityfocus.com/bid/36328
www.vupen.com/english/advisories/2009/3184
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5672
Related
cvelist
cvelist
CVE-2009-2203
2009-09-10 21:00:00
prion
prion
Buffer overflow
2009-09-10 21:30:00
nvd
nvd
CVE-2009-2203
2009-09-10 21:30:01
nessus
nessus
QuickTime < 7.6.4 Multiple Vulnerabilities
2009-09-10 00:00:00
QuickTime < 7.6.4 Multiple Vulnerabilities (Mac OS X)
2009-09-10 00:00:00
QuickTime < 7.6.4 Multiple Vulnerabilities (Windows)
2009-09-10 00:00:00
securityvulns
securityvulns
About the security content of QuickTime 7.6.4
2009-09-11 00:00:00
Apple QuickTime multiple security vulnerabilities
2009-09-11 00:00:00
openvas
openvas
Apple QuickTime Multiple Vulnerabilities - Sep09
2009-09-11 00:00:00
Apple QuickTime Multiple Vulnerabilities (Sep 2009)
2009-09-11 00:00:00
Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006
2010-05-12 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.7
Confidence
High
EPSS
0.017
Percentile
87.9%
Related for CVE-2009-2203