Lucene search
HistoryDec 10, 2008 - 6:44 a.m.
CVE-2008-5406
cve-2008-5406
apple
quicktime player
itunes
buffer overflow
remote attackers
denial of service
arbitrary code
mov file
vulnerability
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
AI Score
Confidence
High
0.045 Low
EPSS
Percentile
92.6%
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with “long arguments,” related to an “off by one overflow.”
Affected configurations
Node
appleitunesMatch8.0.2.20
ORapplequicktimeMatch7.5.5
| CPE | Name | Operator | Version |
|---|---|---|---|
| apple:itunes | apple itunes | eq | 8.0.2.20 |
| apple:quicktime | apple quicktime | eq | 7.5.5 |
Related
nvd
nvd
CVE-2008-5406
2008-12-10 06:44:42
openvas
openvas
Apple QuickTime Malformed .mov File Buffer Overflow Vulnerability
2008-12-18 00:00:00
Apple QuickTime Malformed .mov File Buffer Overflow Vulnerability
2008-12-18 00:00:00
Apple iTunes Malformed .mov File Buffer Overflow Vulnerability
2008-12-18 00:00:00
prion
prion
Stack overflow
2008-12-10 06:44:00
cvelist
cvelist
CVE-2008-5406
2008-12-09 11:00:00
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
AI Score
Confidence
High
0.045 Low
EPSS
Percentile
92.6%
Related for CVE-2008-5406