CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile: 98.9%
The version of QuickTime installed on the remote host is older than 7.6. Such versions contain several vulnerabilities:
A heap buffer overflow in QuickTime’s handling of RTSP URLs may lead to an application crash or arbitrary code execution. (CVE-2009-0001)
A heap buffer overflow in QuickTime’s handling of THKD atoms in QTVR (QuickTime Virtual Reality) movie files may lead to an application crash or arbitrary code execution. (CVE-2009-0002)
A heap buffer overflow while processing an AVI movie file may lead to an application crash or arbitrary code execution. (CVE-2009-0003)
A buffer overflow in the handling of MPEG-2 video files with MP3 audio content may lead to an application crash or arbitrary code execution. (CVE-2009-0004)
A memory corruption in QuickTime’s handling of H.263 encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2009-0005)
A signedness issue in QuickTime’s handling of Cinepak encoded movie files may result in a heap buffer overflow. (CVE-2009-0006)
A heap buffer overflow in QuickTime’s handling of JPEG atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2009-0007)
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0001
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0003
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0004
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0005
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0007
lists.apple.com/archives/security-announce/2009/Jan/msg00000.html
support.apple.com/kb/HT3403