Lucene search

[email protected]NVD:CVE-2008-3627

HistorySep 11, 2008 - 1:13 a.m.

CVE-2008-3627

2008-09-1101:13:09

CWE-399

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.068

Percentile

94.0%

JSON

Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file.

Affected configurations

Nvd

Node

applequicktimeRange<7.5.5

VendorProductVersionCPE
applequicktime*cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	quicktime	*	cpe:2.3:a:apple:quicktime::::::::

References

lists.apple.com/archives/security-announce//2008/Sep/msg00000.html

secunia.com/advisories/31821

securitytracker.com/id?1020841

support.apple.com/kb/HT3027

www.securityfocus.com/archive/1/496163/100/0/threaded

www.securityfocus.com/archive/1/496175/100/0/threaded

www.securityfocus.com/archive/1/496176/100/0/threaded

www.securityfocus.com/bid/31086

www.vupen.com/english/advisories/2008/2527

www.zerodayinitiative.com/advisories/ZDI-08-060/

www.zerodayinitiative.com/advisories/ZDI-08-061/

www.zerodayinitiative.com/advisories/ZDI-08-062/

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16164

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.068

Percentile

94.0%

JSON

Related for NVD:CVE-2008-3627

securityvulns4 prion1 zdi3 cve1 cvelist1 nessus3 seebug1 openvas2