1. CVE-Search
  2. CVE-2005-2754
ID CVE-2005-2754
Summary Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with "Improper movie attributes."
References
Vulnerable Configurations
  • cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:5.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:5.0.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.0.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.1.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.1.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.1.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.1.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.2.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.2.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.3.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.3.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.4.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.4.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.2:-:windows:*:*:*:*:*
CVSS
Base: 5.1 (as of 19-10-2018 - 15:33)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 15308
bugtraq 20051104 Advisory: Apple QuickTime Player Remote Integer Overflow (2)
confirm http://docs.info.apple.com/article.html?artnum=302772
misc http://pb.specialised.info/all/adv/quicktime-mov-io2-adv.txt
osvdb 20476
sectrack 1015152
secunia 17428
vupen ADV-2005-2293
Last major update 19-10-2018 - 15:33
Published 05-11-2005 - 11:02
Last modified 19-10-2018 - 15:33
Back to Top