cve-2009-0001
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T04:17:10.172Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "33385", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/33385", }, { name: "TA09-022A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-022A.html", }, { name: "quicktime-rtspurl-bo(48154)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48154", }, { name: "APPLE-SA-2009-01-21", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html", }, { name: "ADV-2009-0212", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/0212", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT3403", }, { name: "oval:org.mitre.oval:def:6135", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6135", }, { name: "33632", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33632", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-01-21T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-28T12:57:01", orgId: 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "33385", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/33385", }, { name: "TA09-022A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-022A.html", }, { name: "quicktime-rtspurl-bo(48154)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48154", }, { name: "APPLE-SA-2009-01-21", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html", }, { name: "ADV-2009-0212", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/0212", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT3403", }, { name: "oval:org.mitre.oval:def:6135", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6135", }, { name: "33632", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33632", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-0001", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "33385", refsource: "BID", url: 
"http://www.securityfocus.com/bid/33385", }, { name: "TA09-022A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA09-022A.html", }, { name: "quicktime-rtspurl-bo(48154)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48154", }, { name: "APPLE-SA-2009-01-21", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html", }, { name: "ADV-2009-0212", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/0212", }, { name: "http://support.apple.com/kb/HT3403", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT3403", }, { name: "oval:org.mitre.oval:def:6135", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6135", }, { name: "33632", refsource: "SECUNIA", url: "http://secunia.com/advisories/33632", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-0001", datePublished: "2009-01-21T20:00:00", dateReserved: "2008-12-15T00:00:00", dateUpdated: "2024-08-07T04:17:10.172Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2009-0001\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-01-21T20:30:00.250\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de búfer basado en montículo en Apple QuickTime anterior a v7.6 permite a atacantes remotos provocar una denegación de servicio (cierre de aplicación) y posiblemente ejecutar código de su elección a través de una URL RTSP 
manipulada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.5.5\",\"matchCriteriaId\":\"26878E5F-2CE4-4867-A33F-3E531802EABC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EE08FAE-0862-4C36-95BC-878B04CBF397\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8F310A8-F760-4059-987D-42369F360DE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F71BC599-FCBE-4F1F-AA24-41AF91F82226\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41473E1D-B988-4312-B16B-D340508DD473\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCC2EBC0-F2A6-4709-9A27-CF63BC578744\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"844E1B14-A13A-47F1-9C82-02EAEED1A911\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8074
7BDD-70E9-4E74-896F-C79D014F1B2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA1E140B-BCB4-4B3C-B287-E9E944E08DB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C7CB5C4-9A5A-4831-8FFD-0D261619A7DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2CE0B67-0794-472D-A2C0-CC5CA0E36370\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A5DDF47-5AA5-4EE3-B12D-9218F528EFE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8692B488-129A-49EA-AF84-6077FCDBB898\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1758610B-3789-489E-A751-386D605E5A08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B535737C-BF32-471C-B26A-588632FCC427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF2C61F8-B376-40F9-8677-CADCC3295915\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6254BB56-5A25-49DC-A851-3CCA249BD71D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"795E3354-7824-4EF4-A788-3CFEB75734E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9419A1E9-A0DA-4846-8959-BE50B53736E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"952A8015-B18B-481C-AC17-60F0D7EEE085\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:
*:*:*:*\",\"matchCriteriaId\":\"3E518B27-A79B-43A4-AFA6-E59EF8E944D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEC6EF36-93B3-49BB-9A6F-1990E3F4170E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A1B5F2F-CDBF-4AEF-9F78-0C010664B9E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C9B657-5484-4458-861E-D6FB5019265A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EF20D38-BFA3-4403-AB24-7B74EFD68229\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2CE2A89-B2FC-413D-A059-526E6DE301BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F9F7DCE-EE65-4CD5-AA21-208B2AAF09EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31662D02-7FA9-4FAD-BE49-194B7295CEE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8461AF0A-D4D3-4010-A881-EDBB95003083\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9E1332A-5B4D-4590-BFA5-4557C71F894B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C8E5C77-573F-4EA3-A59C-4A7B11946E93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DC01580-460A-4DC3-BB6D-A9B2254EF6D8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"786BB737-EA99-4EC6-B742-0C35BF2453F9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2442D35-7484-43D8-90
77-3FDF63104816\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F3E721C-00CA-4D51-B542-F2BC5C0D65BF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3267A41-1AE0-48B8-BD1F-DEC8A212851A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"855288F1-0242-4951-AB3F-B7AF13E21CF6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10082781-B93E-4B84-94F2-FA9749B4D92B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE1EBF04-C440-4A6B-93F2-DC3A812728C2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3852BB02-47A1-40B3-8E32-8D8891A53114\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33632\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT3403\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/33385\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-022A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government 
Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0212\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48154\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6135\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33632\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3403\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/33385\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-022A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48154\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6135\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
WID-SEC-W-2022-0770
Vulnerability from csaf_certbund
Notes
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service zu verursachen", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-0770 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-0770.json", }, { category: "self", summary: "WID-SEC-2022-0770 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0770", }, { category: "external", summary: "IBM Security Bulletin 6198380 vom 2020-04-23", url: "https://www.ibm.com/support/pages/node/6198380", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:2603 vom 2020-06-17", url: "https://access.redhat.com/errata/RHSA-2020:2603", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:4807 vom 2020-11-04", url: "https://access.redhat.com/errata/RHSA-2020:4807", }, { category: "external", summary: 
"Red Hat Security Advisory RHSA-2021:3225 vom 2021-08-20", url: "https://access.redhat.com/errata/RHSA-2021:3225", }, { category: "external", summary: "Hitachi Vulnerability Information HITACHI-SEC-2022-115 vom 2022-05-27", url: "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-115/index.html", }, { category: "external", summary: "IBM Security Bulletin 6605881 vom 2022-07-21", url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm-puredata-system-for-operational-analytics/", }, { category: "external", summary: "Dell Security Advisory DSA-2024-070 vom 2024-02-03", url: "https://www.dell.com/support/kbdoc/000221770/dsa-2024-=", }, { category: "external", summary: "Hitachi Vulnerability Information HITACHI-SEC-2023-144 vom 2023-10-03", url: "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-144/index.html", }, { category: "external", summary: "IBM Security Bulletin 7153639 vom 2024-05-17", url: "https://www.ibm.com/support/pages/node/7153639", }, ], source_lang: "en-US", title: "IBM DB2: Mehrere Schwachstellen", tracking: { current_release_date: "2024-05-16T22:00:00.000+00:00", generator: { date: "2024-08-15T17:32:05.856+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-0770", initial_release_date: "2020-04-23T22:00:00.000+00:00", revision_history: [ { date: "2020-04-23T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2020-06-17T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-11-03T23:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2021-08-19T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2022-05-26T22:00:00.000+00:00", number: "5", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2022-07-20T22:00:00.000+00:00", 
number: "6", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-10-03T22:00:00.000+00:00", number: "7", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2024-02-04T23:00:00.000+00:00", number: "8", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-05-16T22:00:00.000+00:00", number: "9", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "9", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "EMC Avamar", product: { name: "EMC Avamar", product_id: "T014381", product_identification_helper: { cpe: "cpe:/a:emc:avamar:-", }, }, }, ], category: "vendor", name: "EMC", }, { branches: [ { branches: [ { category: "product_name", name: "Hitachi Ops Center", product: { name: "Hitachi Ops Center", product_id: "T017562", product_identification_helper: { cpe: "cpe:/a:hitachi:ops_center:-", }, }, }, { category: "product_version_range", name: "<Analyzer 10.9.3-00", product: { name: "Hitachi Ops Center <Analyzer 10.9.3-00", product_id: "T030196", }, }, { category: "product_version_range", name: "<Viewpoint 10.9.3-00", product: { name: "Hitachi Ops Center <Viewpoint 10.9.3-00", product_id: "T030197", }, }, ], category: "product_name", name: "Ops Center", }, ], category: "vendor", name: "Hitachi", }, { branches: [ { branches: [ { category: "product_version", name: "11.1", product: { name: "IBM DB2 11.1", product_id: "342000", product_identification_helper: { cpe: "cpe:/a:ibm:db2:11.1", }, }, }, { category: "product_version", name: "11.5", product: { name: "IBM DB2 11.5", product_id: "695419", product_identification_helper: { cpe: "cpe:/a:ibm:db2:11.5", }, }, }, ], category: "product_name", name: "DB2", }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: 
"Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2009-0001", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2009-0001", }, { cve: "CVE-2014-0114", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2014-0114", }, { cve: "CVE-2014-0193", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2014-0193", }, { cve: "CVE-2014-3488", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. 
Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2014-3488", }, { cve: "CVE-2015-2156", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2015-2156", }, { cve: "CVE-2016-2402", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2016-2402", }, { cve: "CVE-2017-12972", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. 
Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-12972", }, { cve: "CVE-2017-12973", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-12973", }, { cve: "CVE-2017-12974", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-12974", }, { cve: "CVE-2017-18640", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. 
Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-18640", }, { cve: "CVE-2017-3734", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-3734", }, { cve: "CVE-2017-5637", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-5637", }, { cve: "CVE-2018-10237", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. 
Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2018-10237", }, { cve: "CVE-2018-11771", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2018-11771", }, { cve: "CVE-2018-8009", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2018-8009", }, { cve: "CVE-2018-8012", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. 
Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2018-8012", }, { cve: "CVE-2019-0201", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-0201", }, { cve: "CVE-2019-10086", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-10086", }, { cve: "CVE-2019-10172", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. 
Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-10172", }, { cve: "CVE-2019-10202", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-10202", }, { cve: "CVE-2019-12402", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-12402", }, { cve: "CVE-2019-16869", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. 
Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-16869", }, { cve: "CVE-2019-17195", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-17195", }, { cve: "CVE-2019-17571", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-17571", }, { cve: "CVE-2019-9512", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. 
Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-9512", }, { cve: "CVE-2019-9514", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-9514", }, { cve: "CVE-2019-9515", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-9515", }, { cve: "CVE-2019-9518", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-9518", }, ], }
wid-sec-w-2022-0770
Vulnerability from csaf_certbund
Notes
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service zu verursachen", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-0770 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-0770.json", }, { category: "self", summary: "WID-SEC-2022-0770 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0770", }, { category: "external", summary: "IBM Security Bulletin 6198380 vom 2020-04-23", url: "https://www.ibm.com/support/pages/node/6198380", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:2603 vom 2020-06-17", url: "https://access.redhat.com/errata/RHSA-2020:2603", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:4807 vom 2020-11-04", url: "https://access.redhat.com/errata/RHSA-2020:4807", }, { category: "external", summary: 
"Red Hat Security Advisory RHSA-2021:3225 vom 2021-08-20", url: "https://access.redhat.com/errata/RHSA-2021:3225", }, { category: "external", summary: "Hitachi Vulnerability Information HITACHI-SEC-2022-115 vom 2022-05-27", url: "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-115/index.html", }, { category: "external", summary: "IBM Security Bulletin 6605881 vom 2022-07-21", url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm-puredata-system-for-operational-analytics/", }, { category: "external", summary: "Dell Security Advisory DSA-2024-070 vom 2024-02-03", url: "https://www.dell.com/support/kbdoc/000221770/dsa-2024-=", }, { category: "external", summary: "Hitachi Vulnerability Information HITACHI-SEC-2023-144 vom 2023-10-03", url: "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-144/index.html", }, { category: "external", summary: "IBM Security Bulletin 7153639 vom 2024-05-17", url: "https://www.ibm.com/support/pages/node/7153639", }, ], source_lang: "en-US", title: "IBM DB2: Mehrere Schwachstellen", tracking: { current_release_date: "2024-05-16T22:00:00.000+00:00", generator: { date: "2024-08-15T17:32:05.856+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-0770", initial_release_date: "2020-04-23T22:00:00.000+00:00", revision_history: [ { date: "2020-04-23T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2020-06-17T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-11-03T23:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2021-08-19T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2022-05-26T22:00:00.000+00:00", number: "5", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2022-07-20T22:00:00.000+00:00", 
number: "6", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-10-03T22:00:00.000+00:00", number: "7", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2024-02-04T23:00:00.000+00:00", number: "8", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-05-16T22:00:00.000+00:00", number: "9", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "9", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "EMC Avamar", product: { name: "EMC Avamar", product_id: "T014381", product_identification_helper: { cpe: "cpe:/a:emc:avamar:-", }, }, }, ], category: "vendor", name: "EMC", }, { branches: [ { branches: [ { category: "product_name", name: "Hitachi Ops Center", product: { name: "Hitachi Ops Center", product_id: "T017562", product_identification_helper: { cpe: "cpe:/a:hitachi:ops_center:-", }, }, }, { category: "product_version_range", name: "<Analyzer 10.9.3-00", product: { name: "Hitachi Ops Center <Analyzer 10.9.3-00", product_id: "T030196", }, }, { category: "product_version_range", name: "<Viewpoint 10.9.3-00", product: { name: "Hitachi Ops Center <Viewpoint 10.9.3-00", product_id: "T030197", }, }, ], category: "product_name", name: "Ops Center", }, ], category: "vendor", name: "Hitachi", }, { branches: [ { branches: [ { category: "product_version", name: "11.1", product: { name: "IBM DB2 11.1", product_id: "342000", product_identification_helper: { cpe: "cpe:/a:ibm:db2:11.1", }, }, }, { category: "product_version", name: "11.5", product: { name: "IBM DB2 11.5", product_id: "695419", product_identification_helper: { cpe: "cpe:/a:ibm:db2:11.5", }, }, }, ], category: "product_name", name: "DB2", }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: 
"Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2009-0001", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2009-0001", }, { cve: "CVE-2014-0114", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2014-0114", }, { cve: "CVE-2014-0193", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2014-0193", }, { cve: "CVE-2014-3488", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. 
Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2014-3488", }, { cve: "CVE-2015-2156", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2015-2156", }, { cve: "CVE-2016-2402", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2016-2402", }, { cve: "CVE-2017-12972", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. 
Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-12972", }, { cve: "CVE-2017-12973", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-12973", }, { cve: "CVE-2017-12974", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-12974", }, { cve: "CVE-2017-18640", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. 
Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-18640", }, { cve: "CVE-2017-3734", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-3734", }, { cve: "CVE-2017-5637", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2017-5637", }, { cve: "CVE-2018-10237", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. 
Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2018-10237", }, { cve: "CVE-2018-11771", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2018-11771", }, { cve: "CVE-2018-8009", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2018-8009", }, { cve: "CVE-2018-8012", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. 
Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2018-8012", }, { cve: "CVE-2019-0201", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-0201", }, { cve: "CVE-2019-10086", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-10086", }, { cve: "CVE-2019-10172", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. 
Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-10172", }, { cve: "CVE-2019-10202", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-10202", }, { cve: "CVE-2019-12402", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-12402", }, { cve: "CVE-2019-16869", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. 
Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-16869", }, { cve: "CVE-2019-17195", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-17195", }, { cve: "CVE-2019-17571", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-17571", }, { cve: "CVE-2019-9512", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. 
Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-9512", }, { cve: "CVE-2019-9514", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-9514", }, { cve: "CVE-2019-9515", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-9515", }, { cve: "CVE-2019-9518", notes: [ { category: "description", text: "In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.", }, ], product_status: { known_affected: [ "T014381", "342000", "67646", "695419", "T030196", "T017562", "T030197", ], }, release_date: "2020-04-23T22:00:00.000+00:00", title: "CVE-2019-9518", }, ], }
gsd-2009-0001
Vulnerability from gsd
{ GSD: { alias: "CVE-2009-0001", description: "Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.", id: "GSD-2009-0001", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2009-0001", ], details: "Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.", id: "GSD-2009-0001", modified: "2023-12-13T01:19:44.438099Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-0001", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "33385", refsource: "BID", url: "http://www.securityfocus.com/bid/33385", }, { name: "TA09-022A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA09-022A.html", }, { name: "quicktime-rtspurl-bo(48154)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48154", }, { name: "APPLE-SA-2009-01-21", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html", }, { name: "ADV-2009-0212", refsource: "VUPEN", url: 
"http://www.vupen.com/english/advisories/2009/0212", }, { name: "http://support.apple.com/kb/HT3403", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT3403", }, { name: "oval:org.mitre.oval:def:6135", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6135", }, { name: "33632", refsource: "SECUNIA", url: "http://secunia.com/advisories/33632", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:4.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.4.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "7.5.5", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: 
"cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-0001", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-119", }, ], }, ], }, references: { reference_data: [ { name: "APPLE-SA-2009-01-21", refsource: "APPLE", tags: [ "Patch", "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html", }, { name: "33632", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/33632", }, { name: "TA09-022A", refsource: "CERT", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-022A.html", }, { name: "http://support.apple.com/kb/HT3403", refsource: "CONFIRM", tags: [], url: "http://support.apple.com/kb/HT3403", }, { name: "33385", refsource: "BID", tags: [], url: "http://www.securityfocus.com/bid/33385", }, 
{ name: "ADV-2009-0212", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2009/0212", }, { name: "quicktime-rtspurl-bo(48154)", refsource: "XF", tags: [], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48154", }, { name: "oval:org.mitre.oval:def:6135", refsource: "OVAL", tags: [], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6135", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", userInteractionRequired: true, }, }, lastModifiedDate: "2018-10-30T16:25Z", publishedDate: "2009-01-21T20:30Z", }, }, }
ghsa-79mf-79r6-55wq
Vulnerability from github
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.
{ affected: [], aliases: [ "CVE-2009-0001", ], database_specific: { cwe_ids: [ "CWE-119", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2009-01-21T20:30:00Z", severity: "HIGH", }, details: "Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.", id: "GHSA-79mf-79r6-55wq", modified: "2022-05-02T03:12:22Z", published: "2022-05-02T03:12:22Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0001", }, { type: "WEB", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48154", }, { type: "WEB", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6135", }, { type: "WEB", url: "http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html", }, { type: "WEB", url: "http://secunia.com/advisories/33632", }, { type: "WEB", url: "http://support.apple.com/kb/HT3403", }, { type: "WEB", url: "http://www.securityfocus.com/bid/33385", }, { type: "WEB", url: "http://www.us-cert.gov/cas/techalerts/TA09-022A.html", }, { type: "WEB", url: "http://www.vupen.com/english/advisories/2009/0212", }, ], schema_version: "1.4.0", severity: [], }
var-200901-0246
Vulnerability from variot
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL. Apple QuickTime is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Apple QuickTime 7.6 are vulnerable. Apple QuickTime is Apple's multimedia framework, which can process digital video, pictures, sound and panoramic images in various formats.
[The US-CERT alert below is an abridged, reflowed copy, so the PGP signature at its end will not verify against this text; the alert gives the URL of the original.]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA09-022A
Apple QuickTime Updates for Multiple Vulnerabilities
Original release date: January 22, 2009
Last revised: --
Source: US-CERT
Systems Affected
* Apple QuickTime 7.5 for Windows and Mac OS X
Overview
Apple has released QuickTime 7.6 to correct multiple vulnerabilities affecting QuickTime for Mac OS X and Windows.
I. [Section heading and opening text are missing from this copy.] This file could be hosted on a web page or sent via email.
II. Impact
The impacts of these vulnerabilities vary.
III. [Section heading and opening text are missing from this copy.] This and other updates are available via Software Update or via Apple Downloads.
IV. References
- About the security content of QuickTime 7.6 - http://support.apple.com/kb/HT3403
- Apple Support Downloads - http://support.apple.com/downloads/
- Mac OS X - updating your software - http://support.apple.com/kb/HT1338?viewlocale=en_US
- Securing Your Web Browser - https://www.us-cert.gov/reading_room/securing_browser/
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-022A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-022A Feedback VU#703068" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
January 22, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSXj25HIHljM+H4irAQKNIgf+LSBKBzHWdjxmJgYw3vYmAXtwpUxAVThs Ma4vIB1vSjv8Us83S2XrKIGcKrdPgQgeS7Vji9WRMmlzEv/AYlFJseqq17ufGely 5YosATUh+C0SjY6OAYeJNYMws7fgGcGJagtfQp0gJTRLruknEoB/iqlASBQ7MtNg 7viHKIR8r2BxCNB1A4ir1kzPELIHFF/pmmuaD+E2PnxH1XtYLM9b9t6xbkjie2PG vEwv7JCGH/RrJtst480ZMIHOghsZ0ONoMkTjZB7o5S0ww3guktGOMB+/QiZI8eFB KbU6nB6JGscZ8Fb1E4K3yOU9MvpzEfurIvYmyMcAdxFCiq5CSUjOug== =B5D3 -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
TITLE: Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA33632
VERIFY ADVISORY: http://secunia.com/advisories/33632/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Apple QuickTime 7.x http://secunia.com/advisories/product/5090/
DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
1) A boundary error exists in the processing of RTSP URLs.
2) An error due to improper validation of transform matrix data exists when processing Track Header (TKHD) atoms in QuickTime Virtual Reality (QTVR) movie files. This can be exploited to cause a heap-based buffer overflow via a specially crafted QTVR file.
3) An error in the processing of "nBlockAlign" values in the "_WAVEFORMATEX" structure of AVI headers can be exploited to cause a heap-based buffer overflow when a specially crafted AVI file is accessed.
4) A boundary error exists in the processing of MPEG-2 video files containing MP3 audio content, which can be exploited to cause a buffer overflow via a specially crafted movie file.
5) An unspecified error exists in the processing of H.263 encoded movie files, which can be exploited to cause a memory corruption when a specially crafted movie file is viewed.
6) A signedness error exists within the processing of the MDAT atom when handling Cinepak encoded movie files. This can be exploited to cause a heap-based buffer overflow when a specially crafted movie file is viewed.
7) An error exists within the function JPEG_DComponentDispatch() when processing the image width data in JPEG atoms embedded in STSD atoms. This can be exploited to cause a memory corruption when a specially crafted movie file is viewed.
Successful exploitation of these vulnerabilities may allow execution of arbitrary code.
SOLUTION: Update to version 7.6.
QuickTime 7.6 for Windows: http://support.apple.com/downloads/QuickTime_7_6_for_Windows
QuickTime 7.6 for Leopard: http://support.apple.com/downloads/QuickTime_7_6_for_Leopard
QuickTime 7.6 for Tiger: http://support.apple.com/downloads/QuickTime_7_6_for_Tiger
PROVIDED AND/OR DISCOVERED BY: The vendor credits:
1) Attila Suszter
4) Chad Dougherty, CERT Coordination Center
5) Dave Soldera, NGS Software
2, 3, 6, 7) An anonymous person, reported via ZDI
ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3403
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-005/ http://www.zerodayinitiative.com/advisories/ZDI-09-006/ http://www.zerodayinitiative.com/advisories/ZDI-09-007/ http://www.zerodayinitiative.com/advisories/ZDI-09-008/
About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-200901-0246", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "quicktime", scope: "eq", trust: 1.6, vendor: "apple", version: "6.5.1", }, { model: "quicktime", scope: "eq", trust: 1.6, vendor: "apple", version: "4.1.2", }, { model: "quicktime", scope: "eq", trust: 1.6, vendor: "apple", version: "7.0", }, { model: "quicktime", scope: "eq", 
trust: 1.6, vendor: "apple", version: "5.0", }, { model: "quicktime", scope: "eq", trust: 1.6, vendor: "apple", version: "6.5", }, { model: "quicktime", scope: "eq", trust: 1.6, vendor: "apple", version: "6.1", }, { model: "quicktime", scope: "eq", trust: 1.6, vendor: "apple", version: "6.0", }, { model: "quicktime", scope: "eq", trust: 1.6, vendor: "apple", version: "5.0.1", }, { model: "quicktime", scope: "eq", trust: 1.6, vendor: "apple", version: "5.0.2", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.0.1", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.0.2", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.1.6", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.2", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.4", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.4.1", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.1.1", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.1.2", }, { model: "quicktime", scope: "lte", trust: 1, vendor: "apple", version: "7.5.5", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.1", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.3", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.1.5", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.0.3", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.1.3", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.4.4", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "3.0", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.4.5", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.3.1.70", }, { model: "quicktime", scope: "eq", trust: 1, 
vendor: "apple", version: "7.3.1", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "6.5.2", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: null, }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.5", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.0.4", }, { model: "quicktime", scope: "eq", trust: 1, vendor: "apple", version: "7.1.4", }, { model: "quicktime", scope: "lt", trust: 0.8, vendor: "apple", version: "7.6", }, { model: "quicktime", scope: "eq", trust: 0.6, vendor: "apple", version: "3", }, { model: "quicktime player", scope: "ne", trust: 0.3, vendor: "apple", version: "7.6", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.3", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.5", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "6.5.1", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.4", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.2", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "6.5", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.2", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.4.1", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "6.4", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.5", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.2", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.3.1.70", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.4", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.3", }, { model: 
"quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "6.5.2", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.6", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.3.1", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.3", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.4", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.1", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.5.5", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.4.5", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "6", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.2", }, { model: "quicktime player", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.1", }, ], sources: [ { db: "BID", id: "33385", }, { db: "JVNDB", id: "JVNDB-2009-001604", }, { db: "CNNVD", id: "CNNVD-200901-258", }, { db: "NVD", id: "CVE-2009-0001", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:apple:quicktime", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2009-001604", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Attila SuszterChad DoughertyDave Soldera", sources: [ { db: "CNNVD", id: "CNNVD-200901-258", }, ], trust: 0.6, }, cve: "CVE-2009-0001", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 8.6, id: "CVE-2009-0001", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.8, vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 8.6, id: "VHN-37447", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [], severity: [ { author: "nvd@nist.gov", id: "CVE-2009-0001", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2009-0001", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-200901-258", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-37447", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-37447", }, { 
db: "JVNDB", id: "JVNDB-2009-001604", }, { db: "CNNVD", id: "CNNVD-200901-258", }, { db: "NVD", id: "CVE-2009-0001", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL. Apple QuickTime is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition. \nVersions prior to Apple QuickTime 7.6 are vulnerable. Apple QuickTime is a multimedia framework of Apple (Apple), which can process digital video, pictures, sound and panoramic images in various formats. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA09-022A\n\n\nApple QuickTime Updates for Multiple Vulnerabilities\n\n Original release date: January 22, 2009\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n * Apple QuickTime 7.5 for Windows and Mac OS X\n\n\nOverview\n\n Apple has released QuickTime 7.6 to correct multiple\n vulnerabilities affecting QuickTime for Mac OS X and Windows. \n\n\nI. This file could be hosted on a web page or sent via email. \n\n\nII. Impact\n\n The impacts of these vulnerabilities vary. \n\n\nIII. This and other updates are available via\n Software Update or via Apple Downloads. \n\n\nIV. 
References\n\n * About the security content of QuickTime 7.6 -\n <http://support.apple.com/kb/HT3403>\n\n * Apple Support Downloads - <http://support.apple.com/downloads/>\n\n * Mac OS X - updating your software -\n <http://support.apple.com/kb/HT1338?viewlocale=en_US>\n\n * Securing Your Web Browser -\n <https://www.us-cert.gov/reading_room/securing_browser/>\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n <http://www.us-cert.gov/cas/techalerts/TA09-022A.html>\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to <cert@cert.org> with \"TA09-022A Feedback VU#703068\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit <http://www.us-cert.gov/cas/signup.html>. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n <http://www.us-cert.gov/legal.html>\n ____________________________________________________________________\n\nRevision History\n \n January 22, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSXj25HIHljM+H4irAQKNIgf+LSBKBzHWdjxmJgYw3vYmAXtwpUxAVThs\nMa4vIB1vSjv8Us83S2XrKIGcKrdPgQgeS7Vji9WRMmlzEv/AYlFJseqq17ufGely\n5YosATUh+C0SjY6OAYeJNYMws7fgGcGJagtfQp0gJTRLruknEoB/iqlASBQ7MtNg\n7viHKIR8r2BxCNB1A4ir1kzPELIHFF/pmmuaD+E2PnxH1XtYLM9b9t6xbkjie2PG\nvEwv7JCGH/RrJtst480ZMIHOghsZ0ONoMkTjZB7o5S0ww3guktGOMB+/QiZI8eFB\nKbU6nB6JGscZ8Fb1E4K3yOU9MvpzEfurIvYmyMcAdxFCiq5CSUjOug==\n=B5D3\n-----END PGP SIGNATURE-----\n. 
----------------------------------------------------------------------\n\nDid you know that a change in our assessment rating, exploit code\navailability, or if an updated patch is released by the vendor, is\nnot part of this mailing-list?\n\nClick here to learn more:\nhttp://secunia.com/advisories/business_solutions/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple QuickTime Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA33632\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/33632/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n>From remote\n\nSOFTWARE:\nApple QuickTime 7.x\nhttp://secunia.com/advisories/product/5090/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple QuickTime, which can\nbe exploited by malicious people to compromise a user's system. \n\n1) A boundary error exists in the processing of RTSP URLs. \n\n2) An error due to improper validation of transform matrix data\nexists when processing Track Header (THKD) atoms in QuickTime Virtual\nReality (QTVR) movie files. This can be exploited to cause a\nheap-based buffer overflow via a specially crafted QTVR file. \n\n3) An error in the processing of \"nBlockAlign\" values in the\n\"_WAVEFORMATEX\" structure of AVI headers can be exploited to cause a\nheap-based buffer overflow when a specially crafted AVI file is\naccessed. \n\n4) A boundary error exists in the processing of MPEG-2 video files\ncontaining MP3 audio content, which can be exploited to cause a\nbuffer overflow via a specially crafted movie file. \n\n5) An unspecified error exists in the processing of H.263 encoded\nmovie files, which can be exploited to cause a memory corruption when\na specially crafted movie file is viewed. \n\n6) A signedness error exists within the processing of the MDAT atom\nwhen handling Cinepak encoded movie files. This can be exploited to\ncause a heap-based buffer overflow when a specially crafted movie\nfile is viewed. 
\n\n7) An error exists within the function JPEG_DComponentDispatch() when\nprocessing the image width data in JPEG atoms embedded in STSD atoms. \nThis can be exploited to cause a memory corruption when a specially\ncrafted movie file is viewed. \n\nSuccessful exploitation of these vulnerabilities may allow execution\nof arbitrary code. \n\nSOLUTION:\nUpdate to version 7.6. \n\nQuickTime 7.6 for Windows:\nhttp://support.apple.com/downloads/QuickTime_7_6_for_Windows\n\nQuickTime 7.6 for Leopard:\nhttp://support.apple.com/downloads/QuickTime_7_6_for_Leopard\n\nQuickTime 7.6 for Tiger:\nhttp://support.apple.com/downloads/QuickTime_7_6_for_Tiger\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) Attila Suszter\n4) Chad Dougherty, CERT Coordination Center\n5) Dave Soldera, NGS Software\n\n2, 3, 6, 7) An anonymous person, reported via ZDI\n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT3403\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-005/\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-006/\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-007/\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-008/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", sources: [ { db: "NVD", id: "CVE-2009-0001", }, { db: "JVNDB", id: "JVNDB-2009-001604", }, { db: "BID", id: "33385", }, { db: "VULHUB", id: "VHN-37447", }, { db: "PACKETSTORM", id: "74263", }, { db: "PACKETSTORM", id: "74228", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2009-0001", trust: 2.8, }, { db: "USCERT", id: "TA09-022A", trust: 2, }, { db: "BID", id: "33385", trust: 1.4, }, { db: "SECUNIA", id: "33632", trust: 1.3, }, { db: "VUPEN", id: "ADV-2009-0212", trust: 1.1, }, { db: "USCERT", id: "SA09-022A", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2009-001604", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-200901-258", trust: 0.7, }, { db: "CS-HELP", id: "SB2022072128", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.1427", trust: 0.6, }, { db: "VULHUB", id: "VHN-37447", trust: 0.1, }, { db: "PACKETSTORM", id: "74263", trust: 0.1, }, { db: "ZDI", id: "ZDI-09-008", trust: 0.1, }, { db: "ZDI", id: "ZDI-09-005", trust: 0.1, }, { db: "ZDI", id: "ZDI-09-006", trust: 0.1, }, { db: "ZDI", id: "ZDI-09-007", trust: 0.1, }, { db: "PACKETSTORM", id: "74228", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-37447", }, { db: "BID", id: "33385", }, { db: "JVNDB", id: "JVNDB-2009-001604", }, { db: "PACKETSTORM", id: "74263", }, { db: "PACKETSTORM", id: "74228", }, { db: "CNNVD", id: "CNNVD-200901-258", }, { db: "NVD", id: "CVE-2009-0001", }, ], }, id: "VAR-200901-0246", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-37447", }, ], trust: 0.01, }, last_update_date: "2024-11-23T19:55:13.055000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "HT3403", trust: 0.8, url: "http://support.apple.com/kb/HT3403", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2009-001604", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-119", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-37447", }, { db: "JVNDB", id: "JVNDB-2009-001604", }, { db: "NVD", id: "CVE-2009-0001", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "http://www.us-cert.gov/cas/techalerts/ta09-022a.html", }, { trust: 1.2, url: "http://support.apple.com/kb/ht3403", }, { trust: 1.1, url: "http://lists.apple.com/archives/security-announce/2009/jan/msg00000.html", }, { trust: 1.1, url: "http://www.securityfocus.com/bid/33385", }, { trust: 1.1, url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6135", }, { trust: 1.1, url: "http://secunia.com/advisories/33632", }, { trust: 1.1, url: "http://www.vupen.com/english/advisories/2009/0212", }, { trust: 1.1, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48154", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0001", }, { trust: 0.8, url: "http://jvn.jp/cert/jvnta09-022a/", }, { trust: 0.8, url: 
"http://jvn.jp/tr/jvntr-2009-04/", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0001", }, { trust: 0.8, url: "http://www.us-cert.gov/cas/alerts/sa09-022a.html", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.1427/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022072128", }, { trust: 0.3, url: "http://www.apple.com/quicktime/", }, { trust: 0.1, url: "https://www.us-cert.gov/reading_room/securing_browser/>", }, { trust: 0.1, url: "http://support.apple.com/kb/ht1338?viewlocale=en_us>", }, { trust: 0.1, url: "http://support.apple.com/kb/ht3403>", }, { trust: 0.1, url: "http://support.apple.com/downloads/>", }, { trust: 0.1, url: "http://www.us-cert.gov/cas/signup.html>.", }, { trust: 0.1, url: "http://www.us-cert.gov/legal.html>", }, { trust: 0.1, url: "http://www.us-cert.gov/cas/techalerts/ta09-022a.html>", }, { trust: 0.1, url: "http://secunia.com/advisories/product/5090/", }, { trust: 0.1, url: "http://secunia.com/advisories/secunia_security_advisories/", }, { trust: 0.1, url: 
"http://www.zerodayinitiative.com/advisories/zdi-09-005/", }, { trust: 0.1, url: "http://www.zerodayinitiative.com/advisories/zdi-09-008/", }, { trust: 0.1, url: "http://www.zerodayinitiative.com/advisories/zdi-09-007/", }, { trust: 0.1, url: "http://secunia.com/advisories/business_solutions/", }, { trust: 0.1, url: "http://support.apple.com/downloads/quicktime_7_6_for_leopard", }, { trust: 0.1, url: "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org", }, { trust: 0.1, url: "http://www.zerodayinitiative.com/advisories/zdi-09-006/", }, { trust: 0.1, url: "http://support.apple.com/downloads/quicktime_7_6_for_windows", }, { trust: 0.1, url: "http://support.apple.com/downloads/quicktime_7_6_for_tiger", }, { trust: 0.1, url: "http://secunia.com/advisories/33632/", }, { trust: 0.1, url: "http://secunia.com/advisories/about_secunia_advisories/", }, ], sources: [ { db: "VULHUB", id: "VHN-37447", }, { db: "BID", id: "33385", }, { db: "JVNDB", id: "JVNDB-2009-001604", }, { db: "PACKETSTORM", id: "74263", }, { db: "PACKETSTORM", id: "74228", }, { db: "CNNVD", id: "CNNVD-200901-258", }, { db: "NVD", id: "CVE-2009-0001", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-37447", }, { db: "BID", id: "33385", }, { db: "JVNDB", id: "JVNDB-2009-001604", }, { db: "PACKETSTORM", id: "74263", }, { db: "PACKETSTORM", id: "74228", }, { db: "CNNVD", id: "CNNVD-200901-258", }, { db: "NVD", id: "CVE-2009-0001", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2009-01-21T00:00:00", db: "VULHUB", id: "VHN-37447", }, { date: "2009-01-21T00:00:00", db: "BID", id: "33385", }, { date: "2009-07-08T00:00:00", db: "JVNDB", id: "JVNDB-2009-001604", }, { date: "2009-01-23T04:59:56", db: "PACKETSTORM", id: "74263", }, { date: "2009-01-22T13:46:43", db: 
"PACKETSTORM", id: "74228", }, { date: "2009-01-21T00:00:00", db: "CNNVD", id: "CNNVD-200901-258", }, { date: "2009-01-21T20:30:00.250000", db: "NVD", id: "CVE-2009-0001", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-10-30T00:00:00", db: "VULHUB", id: "VHN-37447", }, { date: "2009-01-22T16:32:00", db: "BID", id: "33385", }, { date: "2009-07-08T00:00:00", db: "JVNDB", id: "JVNDB-2009-001604", }, { date: "2022-07-22T00:00:00", db: "CNNVD", id: "CNNVD-200901-258", }, { date: "2024-11-21T00:58:49.360000", db: "NVD", id: "CVE-2009-0001", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-200901-258", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Apple QuickTime Heap overflow vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2009-001604", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-200901-258", }, ], trust: 0.6, }, }
fkie_cve-2009-0001
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
apple | quicktime | * | |
apple | quicktime | - | |
apple | quicktime | 3.0 | |
apple | quicktime | 4.1.2 | |
apple | quicktime | 5.0 | |
apple | quicktime | 5.0.1 | |
apple | quicktime | 5.0.2 | |
apple | quicktime | 6.0 | |
apple | quicktime | 6.1 | |
apple | quicktime | 6.5 | |
apple | quicktime | 6.5.1 | |
apple | quicktime | 6.5.2 | |
apple | quicktime | 7.0 | |
apple | quicktime | 7.0.1 | |
apple | quicktime | 7.0.2 | |
apple | quicktime | 7.0.3 | |
apple | quicktime | 7.0.4 | |
apple | quicktime | 7.1 | |
apple | quicktime | 7.1.1 | |
apple | quicktime | 7.1.2 | |
apple | quicktime | 7.1.3 | |
apple | quicktime | 7.1.4 | |
apple | quicktime | 7.1.5 | |
apple | quicktime | 7.1.6 | |
apple | quicktime | 7.2 | |
apple | quicktime | 7.3 | |
apple | quicktime | 7.3.1 | |
apple | quicktime | 7.3.1.70 | |
apple | quicktime | 7.4 | |
apple | quicktime | 7.4.1 | |
apple | quicktime | 7.4.4 | |
apple | quicktime | 7.4.5 | |
apple | quicktime | 7.5 | |
apple | mac_os_x | 10.4.9 | |
apple | mac_os_x | 10.5 | |
apple | mac_os_x | 10.5.1 | |
apple | mac_os_x | 10.5.2 | |
apple | mac_os_x | 10.5.3 | |
apple | mac_os_x | 10.5.4 | |
apple | mac_os_x | 10.5.5 | |
microsoft | windows_vista | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*", matchCriteriaId: "26878E5F-2CE4-4867-A33F-3E531802EABC", versionEndIncluding: "7.5.5", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:-:*:*:*:*:*:*:*", matchCriteriaId: "1EE08FAE-0862-4C36-95BC-878B04CBF397", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*", matchCriteriaId: "D8F310A8-F760-4059-987D-42369F360DE4", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:4.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F71BC599-FCBE-4F1F-AA24-41AF91F82226", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*", matchCriteriaId: "41473E1D-B988-4312-B16B-D340508DD473", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "FCC2EBC0-F2A6-4709-9A27-CF63BC578744", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "844E1B14-A13A-47F1-9C82-02EAEED1A911", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*", matchCriteriaId: "80747BDD-70E9-4E74-896F-C79D014F1B2D", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*", matchCriteriaId: "EA1E140B-BCB4-4B3C-B287-E9E944E08DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*", matchCriteriaId: "9C7CB5C4-9A5A-4831-8FFD-0D261619A7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*", matchCriteriaId: "D2CE0B67-0794-472D-A2C0-CC5CA0E36370", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*", matchCriteriaId: "3A5DDF47-5AA5-4EE3-B12D-9218F528EFE1", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*", matchCriteriaId: "F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "8692B488-129A-49EA-AF84-6077FCDBB898", vulnerable: true, 
}, { criteria: "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", matchCriteriaId: "1758610B-3789-489E-A751-386D605E5A08", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", matchCriteriaId: "B535737C-BF32-471C-B26A-588632FCC427", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DF2C61F8-B376-40F9-8677-CADCC3295915", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*", matchCriteriaId: "6254BB56-5A25-49DC-A851-3CCA249BD71D", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", matchCriteriaId: "795E3354-7824-4EF4-A788-3CFEB75734E4", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", matchCriteriaId: "9419A1E9-A0DA-4846-8959-BE50B53736E5", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", matchCriteriaId: "952A8015-B18B-481C-AC17-60F0D7EEE085", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*", matchCriteriaId: "3E518B27-A79B-43A4-AFA6-E59EF8E944D3", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*", matchCriteriaId: "AEC6EF36-93B3-49BB-9A6F-1990E3F4170E", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*", matchCriteriaId: "1A1B5F2F-CDBF-4AEF-9F78-0C010664B9E9", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.2:*:*:*:*:*:*:*", matchCriteriaId: "98C9B657-5484-4458-861E-D6FB5019265A", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.3:*:*:*:*:*:*:*", matchCriteriaId: "1EF20D38-BFA3-4403-AB24-7B74EFD68229", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*", matchCriteriaId: "B2CE2A89-B2FC-413D-A059-526E6DE301BA", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*", matchCriteriaId: "7F9F7DCE-EE65-4CD5-AA21-208B2AAF09EF", vulnerable: true, }, { criteria: 
"cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*", matchCriteriaId: "31662D02-7FA9-4FAD-BE49-194B7295CEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "8461AF0A-D4D3-4010-A881-EDBB95003083", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.4.4:*:*:*:*:*:*:*", matchCriteriaId: "A9E1332A-5B4D-4590-BFA5-4557C71F894B", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*", matchCriteriaId: "5C8E5C77-573F-4EA3-A59C-4A7B11946E93", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:quicktime:7.5:*:*:*:*:*:*:*", matchCriteriaId: "0DC01580-460A-4DC3-BB6D-A9B2254EF6D8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", matchCriteriaId: "786BB737-EA99-4EC6-B742-0C35BF2453F9", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*", matchCriteriaId: "D2442D35-7484-43D8-9077-3FDF63104816", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*", matchCriteriaId: "3F3E721C-00CA-4D51-B542-F2BC5C0D65BF", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*", matchCriteriaId: "B3267A41-1AE0-48B8-BD1F-DEC8A212851A", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*", matchCriteriaId: "855288F1-0242-4951-AB3F-B7AF13E21CF6", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*", matchCriteriaId: "10082781-B93E-4B84-94F2-FA9749B4D92B", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*", matchCriteriaId: "AE1EBF04-C440-4A6B-93F2-DC3A812728C2", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", matchCriteriaId: "3852BB02-47A1-40B3-8E32-8D8891A53114", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", matchCriteriaId: "9B339C33-8896-4896-88FF-88E74FDBC543", vulnerable: false, }, { 
criteria: "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", matchCriteriaId: "CE477A73-4EE4-41E9-8694-5A3D5DC88656", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.", }, { lang: "es", value: "Desbordamiento de búfer basado en montículo en Apple QuickTime anterior a v7.6 permite a atacantes remotos provocar una denegación de servicio (cierre de aplicación) y posiblemente ejecutar código de su elección a través de una URL RTSP manipulada.", }, ], id: "CVE-2009-0001", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2009-01-21T20:30:00.250", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/33632", }, { source: "cve@mitre.org", url: "http://support.apple.com/kb/HT3403", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/33385", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-022A.html", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2009/0212", }, { source: 
"cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48154", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6135", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/33632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT3403", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/33385", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-022A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/0212", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48154", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6135", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.