Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2008-4116
Last Modified: 06 Jan 2011 12:00:00
Published: 18 Sep 2008 11:04:27
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-4116

Summary

Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow.

Vulnerable Systems

Application

  • Apple iTunes 8.0

  • Apple QuickTime 7.5.5


References

XF - quicktime-itunes-checkstackcookie-bo(45311)

BID - 31212

MILW0RM - 6471

SREASON - 4270


Last Updated: 27 May 2016 10:48:23