Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2008-3627
Last Modified 02 Nov 2013 10:39:23
Published 10 Sep 2008 09:13:09
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3627

Summary

Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file.

Vulnerable Systems

Application

  • Apple QuickTime
  • Apple QuickTime 3
  • Apple QuickTime 4.1.2
  • Apple QuickTime 5.0
  • Apple QuickTime 5.0.1
  • Apple QuickTime 5.0.2
  • Apple QuickTime 6.0
  • Apple QuickTime 6.1
  • Apple QuickTime 6.5
  • Apple QuickTime 6.5.1
  • Apple QuickTime 6.5.2
  • Apple QuickTime 7.0
  • Apple QuickTime 7.0.1
  • Apple QuickTime 7.0.2
  • Apple QuickTime 7.0.3
  • Apple QuickTime 7.0.4
  • Apple QuickTime 7.0.8
  • Apple QuickTime 7.1
  • Apple QuickTime 7.1.2
  • Apple QuickTime 7.1.3
  • Apple QuickTime 7.1.4
  • Apple QuickTime 7.1.5
  • Apple QuickTime 7.1.6
  • Apple QuickTime 7.2
  • Apple QuickTime 7.3
  • Apple QuickTime 7.3.1
  • Apple QuickTime 7.4
  • Apple QuickTime 7.4.1
  • Apple QuickTime 7.5


References

BID - 31086

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-062/

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-061/

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-060/

VUPEN - ADV-2008-2527

BUGTRAQ - 20080909 ZDI-08-062: Apple QuickTime MDAT Frame Parsing Memory Corruption Vulnerability

BUGTRAQ - 20080909 ZDI-08-061: Apple QuickTime Player H.264 Parsing Heap Corruption Vulnerability

BUGTRAQ - 20080909 ZDI-08-060: Apple QuickTime AVC1 Atom Parsing Heap Overflow Vulnerability

CONFIRM - http://support.apple.com/kb/HT3027

SECTRACK - 1020841

SECUNIA - 31821

APPLE - APPLE-SA-2008-09-09

Related Patches

Apple 2008-09-09 QuickTime 7.5.5 for Tiger

Apple 2008-09-09 QuickTime 7.5.5 for Leopard


Last Updated: 27 May 2016 10:48:15