CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
94.0%
Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file.
lists.apple.com/archives/security-announce//2008/Sep/msg00000.html
secunia.com/advisories/31821
securitytracker.com/id?1020841
support.apple.com/kb/HT3027
www.securityfocus.com/archive/1/496163/100/0/threaded
www.securityfocus.com/archive/1/496175/100/0/threaded
www.securityfocus.com/archive/1/496176/100/0/threaded
www.securityfocus.com/bid/31086
www.vupen.com/english/advisories/2008/2527
www.zerodayinitiative.com/advisories/ZDI-08-060/
www.zerodayinitiative.com/advisories/ZDI-08-061/
www.zerodayinitiative.com/advisories/ZDI-08-062/
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16164