Lucene search
AnonymousZDI-08-059HistorySep 09, 2008 - 12:00 a.m.
Apple QuickTime STSZ Atom Parsing Heap Corruption Vulnerability
2008-09-0900:00:00
Anonymous
www.zerodayinitiative.com
20
EPSS
0.034
Percentile
91.6%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of STSZ atoms within the function CallComponentFunctionWithStorage(). When an entry in the sample_size_table is too large, a memory corruption occurs which can be further leveraged to execute arbitrary code under the context of the current user.
References
Related
nvd
nvd
CVE-2008-3626
2008-09-11 01:13:09
securityvulns
securityvulns
ZDI-08-059: Apple QuickTime STSZ Atom Parsing Heap Corruption Vulnerability
2008-09-10 00:00:00
Apple QuickTime multiple security vulnerabilities
2008-09-16 00:00:00
cve
cve
CVE-2008-3626
2008-09-11 01:13:09
seebug
seebug
Apple QuickTime 'STSZ' Atomsε
εη ΄εζΌζ΄
2008-10-08 00:00:00
Apple QuickTime Movie/PICT/QTVRε€δΈͺθΏη¨ζΌζ΄
2008-09-11 00:00:00
prion
prion
Memory corruption
2008-09-11 01:13:00
cvelist
cvelist
CVE-2008-3626
2008-09-10 16:00:00
nessus
nessus
QuickTime < 7.5.5 Multiple Vulnerabilities
2008-09-10 00:00:00
QuickTime < 7.5.5 Multiple Vulnerabilities (Mac OS X)
2008-09-10 00:00:00
QuickTime < 7.5.5 Multiple Vulnerabilities (Windows)
2008-09-10 00:00:00
openvas
openvas
Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
2008-09-25 00:00:00
Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities (HT3027)
2008-09-25 00:00:00