cvelistv5 - cve-2009-0008

CVE-2009-0008 (GCVE-0-2009-0008)

Vulnerability from cvelistv5

Published

2009-01-22 18:00

Modified

2024-08-07 04:17

Severity ?

CWE

Summary

References

URL

Tags

cve@mitre.org	http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/33642	Vendor Advisory
cve@mitre.org	http://support.apple.com/kb/HT3404	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/33393
cve@mitre.org	http://www.securitytracker.com/id?1021621
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0211
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/48162
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5974
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33642	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3404	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33393
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021621
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0211
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/48162
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5974

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:17:10.343Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2009-01-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html"
          },
          {
            "name": "33393",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33393"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3404"
          },
          {
            "name": "quicktime-mpeg2playback-code-execution(48162)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48162"
          },
          {
            "name": "oval:org.mitre.oval:def:5974",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5974"
          },
          {
            "name": "33642",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33642"
          },
          {
            "name": "1021621",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021621"
          },
          {
            "name": "ADV-2009-0211",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0211"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "APPLE-SA-2009-01-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html"
        },
        {
          "name": "33393",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33393"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3404"
        },
        {
          "name": "quicktime-mpeg2playback-code-execution(48162)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48162"
        },
        {
          "name": "oval:org.mitre.oval:def:5974",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5974"
        },
        {
          "name": "33642",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33642"
        },
        {
          "name": "1021621",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021621"
        },
        {
          "name": "ADV-2009-0211",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0211"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0008",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2009-01-21",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html"
            },
            {
              "name": "33393",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33393"
            },
            {
              "name": "http://support.apple.com/kb/HT3404",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3404"
            },
            {
              "name": "quicktime-mpeg2playback-code-execution(48162)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48162"
            },
            {
              "name": "oval:org.mitre.oval:def:5974",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5974"
            },
            {
              "name": "33642",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33642"
            },
            {
              "name": "1021621",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021621"
            },
            {
              "name": "ADV-2009-0211",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0211"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0008",
    "datePublished": "2009-01-22T18:00:00",
    "dateReserved": "2008-12-15T00:00:00",
    "dateUpdated": "2024-08-07T04:17:10.343Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0008\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-01-22T18:30:03.797\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en Apple QuickTime MPEG-2 Playback Component antes de v7.60.92.0 en Windows, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o ejecutar c\u00f3digo de su elecci\u00f3n mediante una pel\u00edcula MPEG-2 manipulada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime_mpeg-2_playback_component:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A597C3FD-4C3D-4979-9BF9-AE897575413E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3852BB02-47A1-40B3-8E32-8D8891A53114\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E61F1C9B-44AF-4B35-A7B2-948EEF7639BD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33642\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3404\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/33393\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1021621\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0211\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48162\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5974\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33642\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3404\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/33393\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1021621\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0211\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48162\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5974\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"per http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html\\r\\n\\r\\n\\\"This issue does not\\r\\naffect systems running Mac OS X.\\\"\"}}"
  }
}

gsd-2009-0008

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-0008

Aliases

CVE-2009-0008

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0008",
    "description": "Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie.",
    "id": "GSD-2009-0008"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0008"
      ],
      "details": "Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie.",
      "id": "GSD-2009-0008",
      "modified": "2023-12-13T01:19:44.231078Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-0008",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2009-01-21",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html"
          },
          {
            "name": "33393",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/33393"
          },
          {
            "name": "http://support.apple.com/kb/HT3404",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3404"
          },
          {
            "name": "quicktime-mpeg2playback-code-execution(48162)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48162"
          },
          {
            "name": "oval:org.mitre.oval:def:5974",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5974"
          },
          {
            "name": "33642",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33642"
          },
          {
            "name": "1021621",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1021621"
          },
          {
            "name": "ADV-2009-0211",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/0211"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime_mpeg-2_playback_component:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0008"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "33393",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/33393"
            },
            {
              "name": "APPLE-SA-2009-01-21",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3404",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT3404"
            },
            {
              "name": "33642",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/33642"
            },
            {
              "name": "1021621",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1021621"
            },
            {
              "name": "ADV-2009-0211",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/0211"
            },
            {
              "name": "quicktime-mpeg2playback-code-execution(48162)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48162"
            },
            {
              "name": "oval:org.mitre.oval:def:5974",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5974"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-29T01:33Z",
      "publishedDate": "2009-01-22T18:30Z"
    }
  }
}

CERTA-2009-AVI-029

Vulnerability from certfr_avis

Plusieurs vulnérabilités affectant le logiciel Apple QuickTime et permettant l'exécution de code arbitraire à distances ont été corrigées.

Description

Sept vulnérabilités affectant le logiciel Apple QuickTime, concernant le traitement de différents formats de fichiers et permettant l'exécution de code arbitraire ont été corrigées (CVE-2009-0001 à CVE-2009-0007). Elles concernent :

le traitement des adresses RTSP (Real Time Streaming Protocol) ;
les fichiers au format QTVR ;
la lecture des fichiers AVI ;
les fichiers au format MPEG-2 contenant du son au format MP3 ;
les films compressés au format H.263 ;
les vidéos utilisant la compression Cinepak ;
les films contenant des images JPEG au format ATOM ;

Une autre vulnérabilité affectant le composant optionnel MPEG-2 Playback pour Windows a été corrigée dans la version 7.60.92.0 (CVE-2009-0008).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Toutes les versions de Apple QuickTime antérieures à la 7.6.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

fkie_cve-2009-0008

Vulnerability from fkie_nvd

Published

2009-01-22 18:30

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/33642	Vendor Advisory
cve@mitre.org	http://support.apple.com/kb/HT3404	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/33393
cve@mitre.org	http://www.securitytracker.com/id?1021621
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0211
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/48162
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5974
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33642	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3404	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33393
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021621
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0211
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/48162
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5974

Impacted products

Vendor	Product	Version
apple	quicktime_mpeg-2_playback_component	*
microsoft	windows_vista	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:quicktime_mpeg-2_playback_component:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A597C3FD-4C3D-4979-9BF9-AE897575413E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Apple QuickTime MPEG-2 Playback Component antes de v7.60.92.0 en Windows, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o ejecutar c\u00f3digo de su elecci\u00f3n mediante una pel\u00edcula MPEG-2 manipulada."
    }
  ],
  "evaluatorComment": "per http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html\r\n\r\n\"This issue does not\r\naffect systems running Mac OS X.\"",
  "id": "CVE-2009-0008",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-01-22T18:30:03.797",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33642"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3404"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33393"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021621"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/0211"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48162"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3404"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0211"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48162"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5974"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-200901-0253

Vulnerability from variot

Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie. The Apple QuickTime MPEG-2 Playback Component is prone to a memory-corruption issue because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file. Failed exploit attempts likely result in denial-of-service conditions. This issue affects Apple QuickTime MPEG-2 Playback Component running on Microsoft Windows Vista and Windows XP SP2 and SP3. Apple QuickTime is a very popular multimedia player. The QuickTime MPEG-2 Playback Component allows QuickTime users to import and play back format-specific MPEG-2 content, available for purchase and download separately from the Apple Online Store. ----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list?

Click here to learn more: http://secunia.com/advisories/business_solutions/

TITLE: Apple QuickTime MPEG-2 Playback Component Input Validation Vulnerability

SECUNIA ADVISORY ID: SA33642

VERIFY ADVISORY: http://secunia.com/advisories/33642/

CRITICAL: Highly critical

IMPACT: System access

WHERE:

From remote

SOFTWARE: Apple QuickTime MPEG-2 Playback Component 7.x http://secunia.com/advisories/product/21083/

DESCRIPTION: A vulnerability has been reported in the Apple QuickTime MPEG-2 Playback component, which can potentially be exploited by malicious people to compromise a user's system.

The vulnerability is reported in QuickTime MPEG-2 Playback Component for Windows in versions prior to 7.60.92.0.

SOLUTION: Update to version 7.60.92.0.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Richard Lemon, Code Lemon

ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3404

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200901-0253",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "quicktime mpeg-2 playback component",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "*"
      },
      {
        "model": "quicktime",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "quicktime mpeg-2 playback component",
        "scope": null,
        "trust": 0.6,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "quicktime mpeg-2 playback component",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.60"
      },
      {
        "model": "quicktime mpeg-2 playback component",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.60.920"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "33393"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001597"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-288"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0008"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apple:quicktime",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001597"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Richard Lemon",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-288"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-0008",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CVE-2009-0008",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "VHN-37454",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2009-0008",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-0008",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200901-288",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-37454",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37454"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001597"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-288"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0008"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie. The Apple QuickTime MPEG-2 Playback Component is prone to a memory-corruption issue because it fails to perform adequate boundary checks on user-supplied data. \nAn attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file. Failed exploit attempts likely result in denial-of-service conditions. \nThis issue affects Apple QuickTime MPEG-2 Playback Component running on Microsoft Windows Vista and Windows XP SP2 and SP3. Apple QuickTime is a very popular multimedia player. The QuickTime MPEG-2 Playback Component allows QuickTime users to import and play back format-specific MPEG-2 content, available for purchase and download separately from the Apple Online Store. ----------------------------------------------------------------------\n\nDid you know that a change in our assessment rating, exploit code\navailability, or if an updated patch is released by the vendor, is\nnot part of this mailing-list?\n\nClick here to learn more:\nhttp://secunia.com/advisories/business_solutions/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple QuickTime MPEG-2 Playback Component Input Validation\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA33642\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/33642/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nApple QuickTime MPEG-2 Playback Component 7.x\nhttp://secunia.com/advisories/product/21083/\n\nDESCRIPTION:\nA vulnerability has been reported in the Apple QuickTime MPEG-2\nPlayback component, which can potentially be exploited by malicious\npeople to compromise a user\u0027s system. \n\nThe vulnerability is reported in QuickTime MPEG-2 Playback Component\nfor Windows in versions prior to 7.60.92.0. \n\nSOLUTION:\nUpdate to version 7.60.92.0. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Richard Lemon, Code Lemon\n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT3404\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001597"
      },
      {
        "db": "BID",
        "id": "33393"
      },
      {
        "db": "VULHUB",
        "id": "VHN-37454"
      },
      {
        "db": "PACKETSTORM",
        "id": "74233"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-0008",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "33393",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "33642",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-0211",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1021621",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001597",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-288",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "2",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "48162",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2009-01-21",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:5974",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-37454",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "74233",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37454"
      },
      {
        "db": "BID",
        "id": "33393"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001597"
      },
      {
        "db": "PACKETSTORM",
        "id": "74233"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-288"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0008"
      }
    ]
  },
  "id": "VAR-200901-0253",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37454"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:31:48.830000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT3403",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3403"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001597"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37454"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001597"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0008"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://support.apple.com/kb/ht3404"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce//2009/jan/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/33393"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1021621"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/33642"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5974"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/0211"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48162"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0008"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0008"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/48162"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2009/0211"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5974"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/quicktime/"
      },
      {
        "trust": 0.3,
        "url": "http://support.apple.com/kb/ht3381"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/quicktime/mpeg2/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/33642/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/21083/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37454"
      },
      {
        "db": "BID",
        "id": "33393"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001597"
      },
      {
        "db": "PACKETSTORM",
        "id": "74233"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-288"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0008"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-37454"
      },
      {
        "db": "BID",
        "id": "33393"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001597"
      },
      {
        "db": "PACKETSTORM",
        "id": "74233"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-288"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0008"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-01-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-37454"
      },
      {
        "date": "2009-01-21T00:00:00",
        "db": "BID",
        "id": "33393"
      },
      {
        "date": "2009-07-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001597"
      },
      {
        "date": "2009-01-22T07:58:43",
        "db": "PACKETSTORM",
        "id": "74233"
      },
      {
        "date": "2009-01-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200901-288"
      },
      {
        "date": "2009-01-22T18:30:03.797000",
        "db": "NVD",
        "id": "CVE-2009-0008"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-37454"
      },
      {
        "date": "2009-01-21T22:02:00",
        "db": "BID",
        "id": "33393"
      },
      {
        "date": "2009-07-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001597"
      },
      {
        "date": "2009-03-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200901-288"
      },
      {
        "date": "2024-11-21T00:58:51.077000",
        "db": "NVD",
        "id": "CVE-2009-0008"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-288"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Windows Run on  Apple QuickTime of  MPEG-2 Playback Component Service disruption in  (DoS) Or arbitrary code execution vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001597"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-288"
      }
    ],
    "trust": 0.6
  }
}

ghsa-ghmf-jgq5-5fc9

Vulnerability from github

Published

2022-05-02 03:12

Modified

2022-05-02 03:12

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0008"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-01-22T18:30:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie.",
  "id": "GHSA-ghmf-jgq5-5fc9",
  "modified": "2022-05-02T03:12:26Z",
  "published": "2022-05-02T03:12:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0008"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48162"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5974"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33642"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3404"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/33393"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021621"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0211"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-0008 (GCVE-0-2009-0008)

Vulnerability from cvelistv5

gsd-2009-0008

Vulnerability from gsd

CERTA-2009-AVI-029

Vulnerability from certfr_avis

Description

Solution

fkie_cve-2009-0008

Vulnerability from fkie_nvd

var-200901-0253

Vulnerability from variot

ghsa-ghmf-jgq5-5fc9

Vulnerability from github

Tags

Sightings

Nomenclature