fkie_cve-2008-3614
Vulnerability from fkie_nvd
Published
2008-09-11 01:13
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.
References
cve@mitre.orghttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=744
cve@mitre.orghttp://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html
cve@mitre.orghttp://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
cve@mitre.orghttp://secunia.com/advisories/31821
cve@mitre.orghttp://secunia.com/advisories/31882
cve@mitre.orghttp://securitytracker.com/id?1020841
cve@mitre.orghttp://support.apple.com/kb/HT3027
cve@mitre.orghttp://support.apple.com/kb/HT3137
cve@mitre.orghttp://www.securityfocus.com/bid/31086
cve@mitre.orghttp://www.securitytracker.com/id?1020879
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA08-260A.htmlUS Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/2527
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/2584
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15851
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=744
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31821
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31882
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1020841
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT3027
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT3137
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31086
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020879
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-260A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2527
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2584
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15851
Impacted products
Vendor Product Version
apple quicktime *
apple quicktime 7.0
apple quicktime 7.0.1
apple quicktime 7.0.2
apple quicktime 7.0.3
apple quicktime 7.0.4
apple quicktime 7.1
apple quicktime 7.1.1
apple quicktime 7.1.2
apple quicktime 7.1.3
apple quicktime 7.1.4
apple quicktime 7.1.5
apple quicktime 7.1.6
apple quicktime 7.2
apple quicktime 7.3
apple quicktime 7.3.1
apple quicktime 7.3.1.70
apple quicktime 7.4
apple quicktime 7.4.1
apple quicktime 7.4.5
microsoft windows-nt xp
microsoft windows_vista -
microsoft windows_xp -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70DDAE09-0183-4BF4-8053-D80E6AE9F1C2",
              "versionEndIncluding": "7.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8692B488-129A-49EA-AF84-6077FCDBB898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1758610B-3789-489E-A751-386D605E5A08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B535737C-BF32-471C-B26A-588632FCC427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF2C61F8-B376-40F9-8677-CADCC3295915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6254BB56-5A25-49DC-A851-3CCA249BD71D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "795E3354-7824-4EF4-A788-3CFEB75734E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9419A1E9-A0DA-4846-8959-BE50B53736E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "952A8015-B18B-481C-AC17-60F0D7EEE085",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E518B27-A79B-43A4-AFA6-E59EF8E944D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEC6EF36-93B3-49BB-9A6F-1990E3F4170E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1B5F2F-CDBF-4AEF-9F78-0C010664B9E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "98C9B657-5484-4458-861E-D6FB5019265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF20D38-BFA3-4403-AB24-7B74EFD68229",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2CE2A89-B2FC-413D-A059-526E6DE301BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9F7DCE-EE65-4CD5-AA21-208B2AAF09EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "31662D02-7FA9-4FAD-BE49-194B7295CEE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8461AF0A-D4D3-4010-A881-EDBB95003083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C8E5C77-573F-4EA3-A59C-4A7B11946E93",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "73AED29E-B778-4186-8968-EB608E34E540",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CAEEA81-5037-4B68-98D9-83AAEBC98E20",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en Apple QuickTime anterior 7.5.5 sobre Windows, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una imagen PICT manipulada que lanza un corrupci\u00f3n de mont\u00edculo (heap)."
    }
  ],
  "id": "CVE-2008-3614",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-09-11T01:13:09.243",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=744"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31821"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31882"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1020841"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3027"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3137"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/31086"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020879"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2527"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2584"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15851"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1020841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020879"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2527"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15851"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.