Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-4092
Last Modified 07 Mar 2011 12:00:00
Published 08 Dec 2005 06:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4092

Summary

Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement.

Vulnerable Systems

Application

  • Apple iTunes 6.0.1

  • Apple QuickTime 7.0.3


References

CERT - TA06-011A

CERT-VN - VU#921193

VUPEN - ADV-2006-0128

VUPEN - ADV-2005-3012

BID - 15732

BUGTRAQ - 20060111 [EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow

BUGTRAQ - 20060111 [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow

BUGTRAQ - 20060111 Updated Advisories - Incorrect CVE Information

MISC - http://www.security-protocols.com/modules.php?name=News&file=article&sid=3133

MISC - http://www.security-protocols.com/modules.php?name=News&file=article&sid=3109

MISC - http://security-protocols.com/advisory/sp-x21-advisory.txt

MISC - http://www.eeye.com/html/research/upcoming/20051117b.html

MISC - http://www.eeye.com/html/research/upcoming/20051117a.html

SECTRACK - 1015397

SECTRACK - 1015396

SECTRACK - 1015356

SREASON - 336

SREASON - 334

SECUNIA - 18370

SECUNIA - 18149

APPLE - APPLE-SA-2006-01-10

MISC - http://www.security-protocols.com/advisory/sp-x21-advisory.txt


Last Updated: 27 May 2016 10:40:44