ID CVE-2008-1581 Type cve Reporter NVD Modified 2017-08-07T21:30:16
Description
Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image.
{"result": {"openvas": [{"id": "OPENVAS:800102", "type": "openvas", "title": "Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Windows)", "description": "The host is installed with Apple QuickTime which is prone to\n Multiple Arbitrary Code Execution Vulnerabilities.", "published": "2008-09-26T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=800102", "cvelist": ["CVE-2008-1583", "CVE-2008-1584", "CVE-2008-1582", "CVE-2008-1581", "CVE-2008-1585"], "lastseen": "2017-07-02T21:10:10"}, {"id": "OPENVAS:1361412562310800102", "type": "openvas", "title": "Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Windows)", "description": "The host is installed with Apple QuickTime which is prone to\n Multiple Arbitrary Code Execution Vulnerabilities.", "published": "2008-09-26T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800102", "cvelist": ["CVE-2008-1583", "CVE-2008-1584", "CVE-2008-1582", "CVE-2008-1581", "CVE-2008-1585"], "lastseen": "2018-04-06T11:16:01"}], "nessus": [{"id": "QUICKTIME_75.NASL", "type": "nessus", "title": "QuickTime < 7.5 Multiple Vulnerabilities (Windows)", "description": "The version of QuickTime installed on the remote Windows host is older than 7.5. Such versions contain several vulnerabilities :\n\n - There are two heap-based buffer overflows in QuickTime's handling of PICT image files that could result in a program crash or arbitrary code execution (CVE-2008-1581 and CVE-2008-1583).\n\n - There is a memory corruption issue in QuickTime's handling of AAC-encoded media content that could result in a program crash or arbitrary code execution (CVE-2008-1582).\n\n - There is a stack-based buffer overflow in QuickTime's handling of Indeo video codec content that could result in a program crash or arbitrary code execution (CVE-2008-1584).\n\n - There is a URL handling issue in QuickTime's handling of 'file:' URLs that may allow launching of arbitrary applications (CVE-2008-1585).", "published": "2008-06-10T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=33130", "cvelist": ["CVE-2008-1583", "CVE-2008-1584", "CVE-2008-1582", "CVE-2008-1581", "CVE-2008-1585"], "lastseen": "2017-10-29T13:42:53"}], "seebug": [{"id": "SSV:3395", "type": "seebug", "title": "Apple QuickTime Player 7.5\u4fee\u590d\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "description": "BUGTRAQ ID: 29619\r\nCVE(CAN) ID: CVE-2008-1581,CVE-2008-1582,CVE-2008-1583,CVE-2008-1584,CVE-2008-1585\r\n\r\nApple QuickTime\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u3002\r\n\r\nQuickTime\u76847.5\u4e4b\u524d\u7248\u672c\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u7528\u6237\u901a\u8fc7\u7578\u5f62\u7684\u5a92\u4f53\u6587\u4ef6\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u6216\u5b8c\u5168\u5165\u4fb5\u7528\u6237\u7cfb\u7edf\u3002 \r\n\r\nCVE-2008-1581\r\n\r\nQuickTime\u5728\u5904\u7406PICT\u56fe\u5f62\u4e2d\u7684PixData\u7ed3\u6784\u65f6\u5b58\u5728\u5806\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u6076\u610f\u7684PICT\u56fe\u5f62\u7684\u8bdd\u5c31\u4f1a\u5bfc\u81f4\u64ad\u653e\u5668\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 \r\n\r\nCVE-2008-1582\r\n\r\nQuickTime\u5904\u7406AAC\u7f16\u7801\u7684\u5a92\u4f53\u5185\u5b58\u65f6\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u6076\u610f\u7684\u5a92\u4f53\u6587\u4ef6\u7684\u8bdd\u5c31\u4f1a\u5bfc\u81f4\u64ad\u653e\u5668\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 \r\n\r\nCVE-2008-1583\r\n\r\nQuickTime\u5904\u7406PICT\u56fe\u5f62\u65f6\u5b58\u5728\u5806\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u6076\u610f\u7684PICT\u56fe\u5f62\u7684\u8bdd\u5c31\u4f1a\u5bfc\u81f4\u64ad\u653e\u5668\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002 \r\n\r\nCVE-2008-1584\r\n\r\nQuickTime\u5904\u7406Indeo\u97f3\u9891codec\u5185\u5bb9\u65f6\u5b58\u5728\u6808\u6ea2\u51fa\uff0c\u5982\u679c\u7528\u6237\u67e5\u770b\u7684\u7535\u5f71\u6587\u4ef6\u4e2d\u5305\u542b\u6709Indeo\u97f3\u9891codec\u5185\u5bb9\u7684\u8bdd\u4f1a\u5bfc\u81f4\u64ad\u653e\u5668\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-1585\r\n\r\nQuickTime\u6ca1\u6709\u6b63\u786e\u7684\u5904\u7406file: URL\uff0c\u5f53\u7528\u6237\u5728\u64ad\u653e\u5668\u4e2d\u64ad\u653e\u6076\u610f\u7684QuickTime\u5185\u5bb9\u65f6\u53ef\u80fd\u4f1a\u542f\u52a8\u4efb\u610f\u5e94\u7528\u7a0b\u5e8f\u548c\u6587\u4ef6\u3002\r\n\n\nApple QuickTime Player < 7.5\n Apple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.apple.com target=_blank>http://www.apple.com</a>", "published": "2008-06-11T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-3395", "cvelist": ["CVE-2008-1581", "CVE-2008-1582", "CVE-2008-1583", "CVE-2008-1584", "CVE-2008-1585"], "lastseen": "2017-11-19T21:40:32"}]}}
