ID CVE-2008-1581 Type cve Reporter NVD Modified 2017-08-07T21:30:16
Description
Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image.
{"securityvulns": [{"lastseen": "2018-08-31T11:10:26", "references": [], "description": "====================================================================== \r\n\r\n Secunia Research 10/06/2008\r\n\r\n - Apple QuickTime PICT Image Parsing Buffer Overflow -\r\n\r\n====================================================================== \r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nVendor's Description of Software.....................................3\r\nDescription of Vulnerability.........................................4\r\nSolution.............................................................5\r\nTime Table...........................................................6\r\nCredits..............................................................7\r\nReferences...........................................................8\r\nAbout Secunia........................................................9\r\nVerification........................................................10\r\n\r\n====================================================================== \r\n1) Affected Software \r\n\r\n* Apple QuickTime 7.4.5\r\n\r\nNOTE: Other versions may also be affected.\r\n\r\n====================================================================== \r\n2) Severity \r\n\r\nRating: Highly critical\r\nImpact: System access\r\nWhere: Remote\r\n\r\n====================================================================== \r\n3) Vendor's Description of Software \r\n\r\n"Whether you are creating content for delivery on cell phones,\r\nbroadcast or the Internet, or a software developer looking to take\r\nyour application to the next level, QuickTime provides the most\r\ncomprehensive platform in the industry."\r\n\r\nProduct Link:\r\nhttp://www.apple.com/quicktime/\r\n\r\n====================================================================== \r\n4) Description of Vulnerability\r\n\r\nSecunia Research has discovered a vulnerability in Apple Quicktime\r\nwhich can be exploited by malicious people to potentially compromise\r\na user's system.\r\n\r\nThe vulnerability is caused due to a boundary error when parsing\r\npacked scanlines from a PixData structure in a PICT file and can be\r\nexploited to cause a heap-based buffer overflow via e.g. viewing a\r\nspecially crafted image file.\r\n\r\nSuccessful exploitation may allow execution of arbitrary code.\r\n\r\n====================================================================== \r\n5) Solution \r\n\r\nUpdate to QuickTime 7.5.\r\n\r\n====================================================================== \r\n6) Time Table \r\n\r\n10/03/2008 - Vendor notified.\r\n13/03/2008 - Vendor response.\r\n10/06/2008 - Public disclosure.\r\n\r\n====================================================================== \r\n7) Credits \r\n\r\nDiscovered by Dyon Balding, Secunia Research.\r\n\r\n====================================================================== \r\n8) References\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \r\nCVE-2008-1581 for the vulnerability.\r\n\r\n====================================================================== \r\n9) About Secunia\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://corporate.secunia.com/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private \r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the \r\nsecurity and reliability of software in general:\r\n\r\nhttp://corporate.secunia.com/secunia_research/33/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below \r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/secunia_vacancies/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/secunia_security_advisories/ \r\n\r\n====================================================================== \r\n10) Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2008-9/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================", "edition": 1, "reporter": "Securityvulns", "published": "2008-06-10T00:00:00", "title": "Secunia Research: Apple QuickTime PICT Image Parsing Buffer Overflow", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:26", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-1581"], "modified": "2008-06-10T00:00:00", "id": "SECURITYVULNS:DOC:20002", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20002", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:26", "references": [], "description": "====================================================================== \r\n\r\n Secunia Research 10/06/2008\r\n\r\n - Apple QuickTime PICT Image Parsing Buffer Overflow -\r\n\r\n====================================================================== \r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nVendor's Description of Software.....................................3\r\nDescription of Vulnerability.........................................4\r\nSolution.............................................................5\r\nTime Table...........................................................6\r\nCredits..............................................................7\r\nReferences...........................................................8\r\nAbout Secunia........................................................9\r\nVerification........................................................10\r\n\r\n====================================================================== \r\n1) Affected Software \r\n\r\n* Apple QuickTime 7.4.5\r\n\r\nNOTE: Other versions may also be affected.\r\n\r\n====================================================================== \r\n2) Severity \r\n\r\nRating: Highly critical\r\nImpact: System access\r\nWhere: Remote\r\n\r\n====================================================================== \r\n3) Vendor's Description of Software \r\n\r\n"Whether you are creating content for delivery on cell phones,\r\nbroadcast or the Internet, or a software developer looking to take\r\nyour application to the next level, QuickTime provides the most\r\ncomprehensive platform in the industry."\r\n\r\nProduct Link:\r\nhttp://www.apple.com/quicktime/\r\n\r\n====================================================================== \r\n4) Description of Vulnerability\r\n\r\nSecunia Research has discovered a vulnerability in Apple Quicktime\r\nwhich can be exploited by malicious people to potentially compromise\r\na user's system.\r\n\r\nThe vulnerability is caused due to a boundary error when parsing\r\npacked scanlines from a PixData structure in a PICT file and can be\r\nexploited to cause a heap-based buffer overflow via e.g. viewing a\r\nspecially crafted image file.\r\n\r\nSuccessful exploitation may allow execution of arbitrary code.\r\n\r\n====================================================================== \r\n5) Solution \r\n\r\nUpdate to QuickTime 7.5.\r\n\r\n====================================================================== \r\n6) Time Table \r\n\r\n10/03/2008 - Vendor notified.\r\n13/03/2008 - Vendor response.\r\n10/06/2008 - Public disclosure.\r\n\r\n====================================================================== \r\n7) Credits \r\n\r\nDiscovered by Dyon Balding, Secunia Research.\r\n\r\n====================================================================== \r\n8) References\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \r\nCVE-2008-1581 for the vulnerability.\r\n\r\n====================================================================== \r\n9) About Secunia\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://corporate.secunia.com/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private \r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the \r\nsecurity and reliability of software in general:\r\n\r\nhttp://corporate.secunia.com/secunia_research/33/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below \r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/secunia_vacancies/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/secunia_security_advisories/ \r\n\r\n====================================================================== \r\n10) Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2008-9/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================", "edition": 1, "reporter": "Securityvulns", "published": "2008-06-10T00:00:00", "title": "Secunia Research: Apple QuickTime PICT Image Parsing Buffer Overflow", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:26", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-1581"], "modified": "2008-06-10T00:00:00", "id": "SECURITYVULNS:DOC:20003", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20003", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:29", "references": ["https://vulners.com/securityvulns/securityvulns:doc:20003", "https://vulners.com/securityvulns/securityvulns:doc:20006", "https://vulners.com/securityvulns/securityvulns:doc:20002", "https://vulners.com/securityvulns/securityvulns:doc:20012"], "description": "Buffer overflow on PICT images, INDEO video parsing.", "edition": 1, "reporter": "BUGTRAQ", "published": "2008-06-11T00:00:00", "title": "Apple QuickTime buffer overflow", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:29", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "QuickTime", "version": "7.4", "operator": "eq"}], "cvelist": ["CVE-2008-1584", "CVE-2008-1581", "CVE-2008-1585"], "modified": "2008-06-11T00:00:00", "id": "SECURITYVULNS:VULN:9070", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9070", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-02T00:06:20", "references": ["http://secunia.com/advisories/29293", "http://www.nruns.com/security_advisory_quicktime_arbitrary_code_execution.php", "08-0094", "http://support.apple.com/kb/HT1991"], "pluginID": "1361412562310800102", "description": "The host is installed with Apple QuickTime which is prone to\n Multiple Arbitrary Code Execution Vulnerabilities.", "edition": 3, "reporter": "Copyright (C) 2008 Greenbone Networks GmbH", "published": "2008-09-26T00:00:00", "title": "Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1583", "CVE-2008-1584", "CVE-2008-1582", "CVE-2008-1581", "CVE-2008-1585"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310800102", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800102", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_quicktime_mult_vuln_win.nasl 9349 2018-04-06 07:02:25Z cfischer $\n#\n# Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Windows)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allow attackers to execute arbitrary\n code or unexpected application termination.\n Impact Level : Application\";\n\ntag_solution = \"Upgrade to Apple QuickTime version 7.5 or later,\n http://www.apple.com/quicktime/download/\";\n\n\ntag_summary = \"The host is installed with Apple QuickTime which is prone to\n Multiple Arbitrary Code Execution Vulnerabilities.\";\n\ntag_affected = \"Apple QuickTime before 7.5 on Windows (Any).\";\ntag_insight = \"The flaws are due to\n - boundary error when parsing packed scanlines from a PixData\n structure in a PICT file which can be exploited via specially crafted\n PICT file.\n - memory corruption issue in AAC-encoded media content can be\n exploited via a specially crafted media file.\n - error in the handling of PICT files or Indeo video codec content that\n can be exploited via a specially crafted PICT file or movie file with\n Indeo video codec content respectively.\n - error in the handling of file URLs that can be exploited by making user\n to play maliciously crafted QuickTime content.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800102\");\n script_version(\"$Revision: 9349 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:02:25 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-26 14:12:58 +0200 (Fri, 26 Sep 2008)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2008-1581\",\"CVE-2008-1582\",\"CVE-2008-1583\",\n \"CVE-2008-1584\",\"CVE-2008-1585\");\n script_bugtraq_id(29619);\n script_xref(name:\"CB-A\", value:\"08-0094\");\n script_name(\"Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_quicktime_detection_win_900124.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT1991\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/29293\");\n script_xref(name : \"URL\" , value : \"http://www.nruns.com/security_advisory_quicktime_arbitrary_code_execution.php\");\n exit(0);\n}\n\n\n# Grep for QuickTime version <= 7.5\nif(egrep(pattern:\"^([0-6]\\..*|7\\.([0-4](\\..*)?))$\",\n string:get_kb_item(\"QuickTime/Win/Ver\"))){\n security_message(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:10", "references": ["http://secunia.com/advisories/29293", "http://www.nruns.com/security_advisory_quicktime_arbitrary_code_execution.php", "08-0094", "http://support.apple.com/kb/HT1991"], "pluginID": "800102", "description": "The host is installed with Apple QuickTime which is prone to\n Multiple Arbitrary Code Execution Vulnerabilities.", "edition": 1, "reporter": "Copyright (C) 2008 Greenbone Networks GmbH", "published": "2008-09-26T00:00:00", "title": "Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1583", "CVE-2008-1584", "CVE-2008-1582", "CVE-2008-1581", "CVE-2008-1585"], "modified": "2017-02-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=800102", "id": "OPENVAS:800102", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_quicktime_mult_vuln_win.nasl 5375 2017-02-20 16:39:23Z cfi $\n#\n# Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Windows)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allow attackers to execute arbitrary\n code or unexpected application termination.\n Impact Level : Application\";\n\ntag_solution = \"Upgrade to Apple QuickTime version 7.5 or later,\n http://www.apple.com/quicktime/download/\";\n\n\ntag_summary = \"The host is installed with Apple QuickTime which is prone to\n Multiple Arbitrary Code Execution Vulnerabilities.\";\n\ntag_affected = \"Apple QuickTime before 7.5 on Windows (Any).\";\ntag_insight = \"The flaws are due to\n - boundary error when parsing packed scanlines from a PixData\n structure in a PICT file which can be exploited via specially crafted\n PICT file.\n - memory corruption issue in AAC-encoded media content can be\n exploited via a specially crafted media file.\n - error in the handling of PICT files or Indeo video codec content that\n can be exploited via a specially crafted PICT file or movie file with\n Indeo video codec content respectively.\n - error in the handling of file URLs that can be exploited by making user\n to play maliciously crafted QuickTime content.\";\n\nif(description)\n{\n script_id(800102);\n script_version(\"$Revision: 5375 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 17:39:23 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-26 14:12:58 +0200 (Fri, 26 Sep 2008)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2008-1581\",\"CVE-2008-1582\",\"CVE-2008-1583\",\n \"CVE-2008-1584\",\"CVE-2008-1585\");\n script_bugtraq_id(29619);\n script_xref(name:\"CB-A\", value:\"08-0094\");\n script_name(\"Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_quicktime_detection_win_900124.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT1991\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/29293\");\n script_xref(name : \"URL\" , value : \"http://www.nruns.com/security_advisory_quicktime_arbitrary_code_execution.php\");\n exit(0);\n}\n\n\n# Grep for QuickTime version <= 7.5\nif(egrep(pattern:\"^([0-6]\\..*|7\\.([0-4](\\..*)?))$\",\n string:get_kb_item(\"QuickTime/Win/Ver\"))){\n security_message(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T21:40:32", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "BUGTRAQ ID: 29619\r\nCVE(CAN) ID: CVE-2008-1581,CVE-2008-1582,CVE-2008-1583,CVE-2008-1584,CVE-2008-1585\r\n\r\nApple QuickTime\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u3002\r\n\r\nQuickTime\u76847.5\u4e4b\u524d\u7248\u672c\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u7528\u6237\u901a\u8fc7\u7578\u5f62\u7684\u5a92\u4f53\u6587\u4ef6\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u6216\u5b8c\u5168\u5165\u4fb5\u7528\u6237\u7cfb\u7edf\u3002 \r\n\r\nCVE-2008-1581\r\n\r\nQuickTime\u5728\u5904\u7406PICT\u56fe\u5f62\u4e2d\u7684PixData\u7ed3\u6784\u65f6\u5b58\u5728\u5806\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u6076\u610f\u7684PICT\u56fe\u5f62\u7684\u8bdd\u5c31\u4f1a\u5bfc\u81f4\u64ad\u653e\u5668\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 \r\n\r\nCVE-2008-1582\r\n\r\nQuickTime\u5904\u7406AAC\u7f16\u7801\u7684\u5a92\u4f53\u5185\u5b58\u65f6\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u6076\u610f\u7684\u5a92\u4f53\u6587\u4ef6\u7684\u8bdd\u5c31\u4f1a\u5bfc\u81f4\u64ad\u653e\u5668\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 \r\n\r\nCVE-2008-1583\r\n\r\nQuickTime\u5904\u7406PICT\u56fe\u5f62\u65f6\u5b58\u5728\u5806\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u6076\u610f\u7684PICT\u56fe\u5f62\u7684\u8bdd\u5c31\u4f1a\u5bfc\u81f4\u64ad\u653e\u5668\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002 \r\n\r\nCVE-2008-1584\r\n\r\nQuickTime\u5904\u7406Indeo\u97f3\u9891codec\u5185\u5bb9\u65f6\u5b58\u5728\u6808\u6ea2\u51fa\uff0c\u5982\u679c\u7528\u6237\u67e5\u770b\u7684\u7535\u5f71\u6587\u4ef6\u4e2d\u5305\u542b\u6709Indeo\u97f3\u9891codec\u5185\u5bb9\u7684\u8bdd\u4f1a\u5bfc\u81f4\u64ad\u653e\u5668\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-1585\r\n\r\nQuickTime\u6ca1\u6709\u6b63\u786e\u7684\u5904\u7406file: URL\uff0c\u5f53\u7528\u6237\u5728\u64ad\u653e\u5668\u4e2d\u64ad\u653e\u6076\u610f\u7684QuickTime\u5185\u5bb9\u65f6\u53ef\u80fd\u4f1a\u542f\u52a8\u4efb\u610f\u5e94\u7528\u7a0b\u5e8f\u548c\u6587\u4ef6\u3002\r\n\n\nApple QuickTime Player < 7.5\n Apple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.apple.com target=_blank>http://www.apple.com</a>", "reporter": "Root", "published": "2008-06-11T00:00:00", "type": "seebug", "title": "Apple QuickTime Player 7.5\u4fee\u590d\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-1581", "CVE-2008-1582", "CVE-2008-1583", "CVE-2008-1584", "CVE-2008-1585"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2008-06-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3395", "id": "SSV:3395", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "status": "details"}], "nessus": [{"lastseen": "2018-09-02T00:01:38", "references": ["http://www.securityfocus.com/archive/1/493248/30/0/threaded", "http://www.zerodayinitiative.com/advisories/ZDI-08-037", "http://www.securityfocus.com/archive/1/493225/30/0/threaded", "http://support.apple.com/kb/HT1991", "http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html", "http://www.securityfocus.com/archive/1/493247/30/0/threaded", "http://www.zerodayinitiative.com/advisories/ZDI-08-038", "http://secunia.com/secunia_research/2008-9/advisory/"], "pluginID": "33130", "description": "The version of QuickTime installed on the remote Windows host is older than 7.5. Such versions contain several vulnerabilities :\n\n - There are two heap-based buffer overflows in QuickTime's handling of PICT image files that could result in a program crash or arbitrary code execution (CVE-2008-1581 and CVE-2008-1583).\n\n - There is a memory corruption issue in QuickTime's handling of AAC-encoded media content that could result in a program crash or arbitrary code execution (CVE-2008-1582).\n\n - There is a stack-based buffer overflow in QuickTime's handling of Indeo video codec content that could result in a program crash or arbitrary code execution (CVE-2008-1584).\n\n - There is a URL handling issue in QuickTime's handling of 'file:' URLs that may allow launching of arbitrary applications (CVE-2008-1585).", "edition": 6, "reporter": "Tenable", "published": "2008-06-10T00:00:00", "title": "QuickTime < 7.5 Multiple Vulnerabilities (Windows)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1583", "CVE-2008-1584", "CVE-2008-1582", "CVE-2008-1581", "CVE-2008-1585"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/a:apple:quicktime"], "id": "QUICKTIME_75.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=33130", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33130);\n script_version(\"1.16\");\n\n script_cve_id(\"CVE-2008-1581\", \"CVE-2008-1582\", \"CVE-2008-1583\", \"CVE-2008-1584\", \"CVE-2008-1585\");\n script_bugtraq_id(29648, 29649, 29650, 29652, 29654);\n script_xref(name:\"Secunia\", value:\"29293\");\n\n script_name(english:\"QuickTime < 7.5 Multiple Vulnerabilities (Windows)\");\n script_summary(english:\"Checks version of QuickTime on Windows\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is affected by\nmultiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of QuickTime installed on the remote Windows host is older\nthan 7.5. Such versions contain several vulnerabilities :\n\n - There are two heap-based buffer overflows in QuickTime's\n handling of PICT image files that could result in a\n program crash or arbitrary code execution\n (CVE-2008-1581 and CVE-2008-1583).\n\n - There is a memory corruption issue in QuickTime's\n handling of AAC-encoded media content that could\n result in a program crash or arbitrary code execution\n (CVE-2008-1582).\n\n - There is a stack-based buffer overflow in QuickTime's\n handling of Indeo video codec content that could\n result in a program crash or arbitrary code execution\n (CVE-2008-1584).\n\n - There is a URL handling issue in QuickTime's handling\n of 'file:' URLs that may allow launching of arbitrary\n applications (CVE-2008-1585).\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/secunia_research/2008-9/advisory/\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/493225/30/0/threaded\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-08-037\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-08-038\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/493247/30/0/threaded\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/493248/30/0/threaded\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT1991\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Either use QuickTime's Software Update preference to upgrade to the\nlatest version or manually upgrade to QuickTime 7.5 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/06/10\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:quicktime\");\nscript_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"quicktime_installed.nasl\");\n script_require_keys(\"SMB/QuickTime/Version\");\n exit(0);\n}\n\n#\n\ninclude(\"global_settings.inc\");\n\nver = get_kb_item(\"SMB/QuickTime/Version\");\nif (isnull(ver)) exit(0);\n\niver = split(ver, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\nif (\n iver[0] < 7 || \n (iver[0] == 7 && iver[1] <= 4)\n)\n{\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"QuickTime \", ver, \" is currently installed on the remote host.\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
