Lucene search

[email protected]CVE-2008-3615

HistorySep 11, 2008 - 1:13 a.m.

CVE-2008-3615

2008-09-1101:13:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2008-3615

indeo v5 codec

quicktime

apple

windows

uninitialized memory

remote code execution

denial of service

nvd

7.6 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.017 Low

EPSS

Percentile

87.8%

JSON

ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

CPENameOperatorVersion
apple:quicktimeapple quicktimelt7.5.5

CPE	Name	Operator	Version
apple:quicktime	apple quicktime	lt	7.5.5

References

lists.apple.com/archives/security-announce//2008/Sep/msg00000.html

secunia.com/advisories/31821

securitytracker.com/id?1020841

support.apple.com/kb/HT3027

www.ngssoftware.com/advisories/critical-vulnerability-in-apple-quicktimes-indeo-codec/

www.securityfocus.com/archive/1/496358/100/0/threaded

www.securityfocus.com/bid/31086

www.vupen.com/english/advisories/2008/2527

7.6 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.017 Low

EPSS

Percentile

87.8%

JSON

Related for CVE-2008-3615

prion2 securityvulns2 cve1 nessus1 openvas2 seebug1