1. CVE-Search
  2. CVE-2005-2756
ID CVE-2005-2756
Summary Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrary code via a crafted PICT file that triggers an overflow during expansion.
References
Vulnerable Configurations
  • cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:5.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:5.0.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.0.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.1.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.1.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.1.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.1.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.2.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.2.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.3.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.3.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.4.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.4.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.2:-:windows:*:*:*:*:*
CVSS
Base: 5.1 (as of 19-10-2018 - 15:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 15309
bugtraq 20051104 Advisory: Apple QuickTime PICT Remote Memory Overwrite
cert-vn VU#855118
confirm http://docs.info.apple.com/article.html?artnum=302772
misc http://pb.specialised.info/all/adv/quicktime-pict-adv.txt
osvdb 20478
sectrack 1015152
secunia 17428
sreason 144
vupen ADV-2005-2293
Last major update 19-10-2018 - 15:33
Published 05-11-2005 - 11:02
Last modified 19-10-2018 - 15:33
Back to Top