CVE-2008-3635

2008-09-1101:13:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-3635

quicktime

buffer overflow

indeo

iv32

third-party

codec

windows

remote attackers

arbitrary code

denial of service

movie file

nvd

8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.016 Low

EPSS

Percentile

87.4%

JSON

Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

CPENameOperatorVersion
apple:quicktimeapple quicktimele7.5
apple:quicktimeapple quicktimeeq7.0
apple:quicktimeapple quicktimeeq7.0.1
apple:quicktimeapple quicktimeeq7.0.2
apple:quicktimeapple quicktimeeq7.0.3
apple:quicktimeapple quicktimeeq7.0.4
apple:quicktimeapple quicktimeeq7.1
apple:quicktimeapple quicktimeeq7.1.1
apple:quicktimeapple quicktimeeq7.1.2
apple:quicktimeapple quicktimeeq7.1.3

CPE	Name	Operator	Version
apple:quicktime	apple quicktime	le	7.5
apple:quicktime	apple quicktime	eq	7.0
apple:quicktime	apple quicktime	eq	7.0.1
apple:quicktime	apple quicktime	eq	7.0.2
apple:quicktime	apple quicktime	eq	7.0.3
apple:quicktime	apple quicktime	eq	7.0.4
apple:quicktime	apple quicktime	eq	7.1
apple:quicktime	apple quicktime	eq	7.1.1
apple:quicktime	apple quicktime	eq	7.1.2
apple:quicktime	apple quicktime	eq	7.1.3