Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-2238
Last Modified 18 Oct 2011 12:00:00
Published 12 May 2006 05:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2238

Summary

Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted BMP file that triggers the overflow in the ReadBMP function. NOTE: this issue was originally included as item 3 in CVE-2006-1983, but it has been given a separate identifier because it is a distinct issue.

Vulnerable Systems

Application

  • Apple QuickTime 7.0

  • Apple QuickTime 7.0.1

  • Apple QuickTime 7.0.2

  • Apple QuickTime 7.0.3

  • Apple QuickTime 7.0.4


References

CERT - TA06-132B

APPLE - APPLE-SA-2006-05-11

XF - quicktime-bmp-bo(26402)

VUPEN - ADV-2006-1778

BID - 17953

MISC - http://www.security-protocols.com/sp-x27-advisory.php

OSVDB - 24820

SECTRACK - 1016067

SECUNIA - 20069

Related Patches

Apple 2006-05-11 QuickTime 7.1 (Rev 5)


Last Updated: 27 May 2016 10:42:23