var-200801-0015
Vulnerability from variot
Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding. Apple QuickTime is prone to a buffer-overflow vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted PICT file. Failed exploit attempts likely result in denial-of-service conditions. This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X. If a user is tricked into opening a malicious PICT file, this overflow may be triggered, resulting in denial of service or execution of arbitrary instructions.
I. Description
Apple QuickTime 7.4 resolves multiple vulnerabilities in the way different types of image and media files are handled.
Note that Apple iTunes installs QuickTime, so any system with iTunes is vulnerable.
II. For further information, please see About the security content of QuickTime 7.4.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.4. This and other updates for Mac OS X are available via Apple Update.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser.
References
* About the security content of the QuickTime 7.4 Update -
<http://docs.info.apple.com/article.html?artnum=307301>
* How to tell if Software Update for Windows is working correctly
when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple - QuickTime - Download -
<http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-016A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA08-016A Feedback VU#818697" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
January 16, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR45mevRFkHkM87XOAQLP6AgAj7J4sy83ZWEKfcDb2brgHptxAwqvArkZ HzV+5lGg1A86V4/MARlxXctWv5JH3e2knx5ZoMUN8napP9VEag2Ra68Zdh9lKu1S nfCRRwcIj38iakuv7xKrNt1AJHj3rHguzCjvWu8gHEJtlb15zqVr97Ci9LuNdLP3 W4hdsIxuzYQl7Ou5+j0Z9bhH1WWZRjmabsop+b0ApxeZI2F6mJn0rscRvxPQYBls ims6CP7YseK4+ElJHAMEJfW/6gPhwyedjgesd0jssYvhtYdufn4OCZvwL+p9QSlQ +E+UKcws4BHlEpg0dQhA13REQxwqqMgSWdm3NU8hbGdEJAJGH0cYNQ== =emKJ -----END PGP SIGNATURE----- .
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
2) An error exists in the processing of Macintosh Resources embedded in QuickTime movies. This can be exploited to cause a memory corruption via an overly large length value stored in the resource header in a specially crafted QuickTime movie file.
QuickTime 7.4 for Leopard: http://www.apple.com/support/downloads/quicktime74forleopard.html
QuickTime 7.4 for Tiger: http://www.apple.com/support/downloads/quicktime74fortiger.html
QuickTime 7.4 for Panther: http://www.apple.com/support/downloads/quicktime74forpanther.html
QuickTime 7.4 for Windows: http://www.apple.com/support/downloads/quicktime74forwindows.html
PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Joe Schottman of Virginia Tech 2) Jun Mao, VeriSign iDefense Labs. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/
TITLE: Apple TV Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA31034
VERIFY ADVISORY: http://secunia.com/advisories/31034/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
OPERATING SYSTEM: Apple TV 2.x http://secunia.com/product/19289/
DESCRIPTION: Some vulnerabilities have been reported in Apple TV, which can be exploited by malicious people to compromise a vulnerable system.
1) A boundary error in the handling of data reference atoms in movie files can be exploited to cause a buffer overflow.
For more information see vulnerability #3 in: SA29650
2) A boundary error in the handling of "crgn" atoms in movie files can be exploited to cause a heap-based buffer overflow.
For more information see vulnerability #5 in: SA29650
3) A boundary error in the handling of "chan" atoms in movie files can be exploited to cause a heap-based buffer overflow.
For more information see vulnerability #6 in: SA29650
4) An error in the handling of "file:" URLs can be exploited to e.g. execute arbitrary programs.
For more more information see vulnerability #5 in: SA29293
5) A boundary error when handling RTSP replies can be exploited to cause a heap-based buffer overflow.
For more information see vulnerability #4 in: SA28502
SOLUTION: Update to version 2.1.
PROVIDED AND/OR DISCOVERED BY: 1,6) Chris Ries of Carnegie Mellon University Computing Services. 2) Sanbin Li, reporting via ZDI. 3) An anonymous researcher, reporting via ZDI. 4) Independently discovered by: * Vinoo Thomas and Rahul Mohandas, McAfee Avert Labs * Petko D. (pdp) Petkov, GNUCITIZEN 5) Luigi Auriemma
ORIGINAL ADVISORY: http://support.apple.com/kb/HT2304
OTHER REFERENCES: SA28423: http://secunia.com/advisories/28423/
SA28502: http://secunia.com/advisories/28502/
SA29293: http://secunia.com/advisories/29293/
SA29650: http://secunia.com/advisories/29650/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200801-0015",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quicktime",
"scope": "lte",
"trust": 1.8,
"vendor": "apple",
"version": "7.3"
},
{
"model": "tv",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.3"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "tv",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.4"
}
],
"sources": [
{
"db": "BID",
"id": "27300"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001036"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-217"
},
{
"db": "NVD",
"id": "CVE-2008-0036"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:quicktime",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001036"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Ries",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-217"
}
],
"trust": 0.6
},
"cve": "CVE-2008-0036",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2008-0036",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-30161",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-0036",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2008-0036",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200801-217",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-30161",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30161"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001036"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-217"
},
{
"db": "NVD",
"id": "CVE-2008-0036"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding. Apple QuickTime is prone to a buffer-overflow vulnerability. \nAn attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted PICT file. Failed exploit attempts likely result in denial-of-service conditions. \nThis issue affects versions prior to Apple QuickTime 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X. If a user is tricked into opening a malicious PICT file, this overflow may be triggered, resulting in denial of service or execution of arbitrary instructions. \n\n\nI. Description\n\n Apple QuickTime 7.4 resolves multiple vulnerabilities in the way\n different types of image and media files are handled. \n\n Note that Apple iTunes installs QuickTime, so any system with iTunes\n is vulnerable. \n\n\nII. For\n further information, please see About the security content of\n QuickTime 7.4. \n\n\nIII. Solution\n\nUpgrade QuickTime\n\n Upgrade to QuickTime 7.4. This and other updates for Mac OS X are\n available via Apple Update. \n\nSecure your web browser\n\n To help mitigate these and other vulnerabilities that can be exploited\n via a web browser, refer to Securing Your Web Browser. \n\n\nReferences\n\n * About the security content of the QuickTime 7.4 Update -\n \u003chttp://docs.info.apple.com/article.html?artnum=307301\u003e\n \n * How to tell if Software Update for Windows is working correctly\n when no updates are available -\n \u003chttp://docs.info.apple.com/article.html?artnum=304263\u003e\n \n * Apple - QuickTime - Download -\n \u003chttp://www.apple.com/quicktime/download/\u003e\n \n * Mac OS X: Updating your software -\n \u003chttp://docs.info.apple.com/article.html?artnum=106704\u003e\n \n * Securing Your Web Browser -\n \u003chttp://www.us-cert.gov/reading_room/securing_browser/\u003e\n \n _________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA08-016A.html\u003e\n _________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA08-016A Feedback VU#818697\" in the\n subject. \n _________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n _________________________________________________________________\n\n Produced 2007 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n _________________________________________________________________\n\n \nRevision History\n\n January 16, 2007: Initial release\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBR45mevRFkHkM87XOAQLP6AgAj7J4sy83ZWEKfcDb2brgHptxAwqvArkZ\nHzV+5lGg1A86V4/MARlxXctWv5JH3e2knx5ZoMUN8napP9VEag2Ra68Zdh9lKu1S\nnfCRRwcIj38iakuv7xKrNt1AJHj3rHguzCjvWu8gHEJtlb15zqVr97Ci9LuNdLP3\nW4hdsIxuzYQl7Ou5+j0Z9bhH1WWZRjmabsop+b0ApxeZI2F6mJn0rscRvxPQYBls\nims6CP7YseK4+ElJHAMEJfW/6gPhwyedjgesd0jssYvhtYdufn4OCZvwL+p9QSlQ\n+E+UKcws4BHlEpg0dQhA13REQxwqqMgSWdm3NU8hbGdEJAJGH0cYNQ==\n=emKJ\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\n2) An error exists in the processing of Macintosh Resources embedded\nin QuickTime movies. This can be exploited to cause a memory\ncorruption via an overly large length value stored in the resource\nheader in a specially crafted QuickTime movie file. \n\nQuickTime 7.4 for Leopard:\nhttp://www.apple.com/support/downloads/quicktime74forleopard.html\n\nQuickTime 7.4 for Tiger:\nhttp://www.apple.com/support/downloads/quicktime74fortiger.html\n\nQuickTime 7.4 for Panther:\nhttp://www.apple.com/support/downloads/quicktime74forpanther.html\n\nQuickTime 7.4 for Windows:\nhttp://www.apple.com/support/downloads/quicktime74forwindows.html\n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Joe Schottman of Virginia Tech\n2) Jun Mao, VeriSign iDefense Labs. ----------------------------------------------------------------------\n\nWant a new job?\n\nhttp://secunia.com/secunia_security_specialist/\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\nInternational Partner Manager - Project Sales in the IT-Security\nIndustry:\nhttp://corporate.secunia.com/about_secunia/64/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple TV Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA31034\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31034/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple TV 2.x\nhttp://secunia.com/product/19289/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple TV, which can be\nexploited by malicious people to compromise a vulnerable system. \n\n1) A boundary error in the handling of data reference atoms in movie\nfiles can be exploited to cause a buffer overflow. \n\nFor more information see vulnerability #3 in:\nSA29650\n\n2) A boundary error in the handling of \"crgn\" atoms in movie files\ncan be exploited to cause a heap-based buffer overflow. \n\nFor more information see vulnerability #5 in:\nSA29650\n\n3) A boundary error in the handling of \"chan\" atoms in movie files\ncan be exploited to cause a heap-based buffer overflow. \n\nFor more information see vulnerability #6 in:\nSA29650\n\n4) An error in the handling of \"file:\" URLs can be exploited to e.g. \nexecute arbitrary programs. \n\nFor more more information see vulnerability #5 in:\nSA29293\n\n5) A boundary error when handling RTSP replies can be exploited to\ncause a heap-based buffer overflow. \n\nFor more information see vulnerability #4 in:\nSA28502\n\nSOLUTION:\nUpdate to version 2.1. \n\nPROVIDED AND/OR DISCOVERED BY:\n1,6) Chris Ries of Carnegie Mellon University Computing Services. \n2) Sanbin Li, reporting via ZDI. \n3) An anonymous researcher, reporting via ZDI. \n4) Independently discovered by:\n* Vinoo Thomas and Rahul Mohandas, McAfee Avert Labs\n* Petko D. (pdp) Petkov, GNUCITIZEN\n5) Luigi Auriemma\n\nORIGINAL ADVISORY:\nhttp://support.apple.com/kb/HT2304\n\nOTHER REFERENCES:\nSA28423:\nhttp://secunia.com/advisories/28423/\n\nSA28502:\nhttp://secunia.com/advisories/28502/\n\nSA29293:\nhttp://secunia.com/advisories/29293/\n\nSA29650:\nhttp://secunia.com/advisories/29650/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0036"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001036"
},
{
"db": "BID",
"id": "27300"
},
{
"db": "VULHUB",
"id": "VHN-30161"
},
{
"db": "PACKETSTORM",
"id": "62716"
},
{
"db": "PACKETSTORM",
"id": "62685"
},
{
"db": "PACKETSTORM",
"id": "68131"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-0036",
"trust": 2.8
},
{
"db": "USCERT",
"id": "TA08-016A",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "28502",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1019221",
"trust": 2.5
},
{
"db": "BID",
"id": "27300",
"trust": 2.2
},
{
"db": "VUPEN",
"id": "ADV-2008-0148",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31034",
"trust": 1.2
},
{
"db": "VUPEN",
"id": "ADV-2008-2064",
"trust": 1.1
},
{
"db": "XF",
"id": "39698",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA08-016A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001036",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200801-217",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-01-15",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA08-016A",
"trust": 0.6
},
{
"db": "XF",
"id": "39695",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "11389",
"trust": 0.6
},
{
"db": "BID",
"id": "27298",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-30161",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "62716",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "62685",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68131",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30161"
},
{
"db": "BID",
"id": "27300"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001036"
},
{
"db": "PACKETSTORM",
"id": "62716"
},
{
"db": "PACKETSTORM",
"id": "62685"
},
{
"db": "PACKETSTORM",
"id": "68131"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-217"
},
{
"db": "NVD",
"id": "CVE-2008-0036"
}
]
},
"id": "VAR-200801-0015",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-30161"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:48:32.309000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple TV 2.1",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT2304"
},
{
"title": "QuickTime 7.4",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=307301-en"
},
{
"title": "QuickTime 7.4",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=307301-ja"
},
{
"title": "Apple TV 2.1",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT2304?locale=ja_JP"
},
{
"title": "TA08-016A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta08-016a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001036"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30161"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001036"
},
{
"db": "NVD",
"id": "CVE-2008-0036"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-016a.html"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1019221"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/28502"
},
{
"trust": 2.1,
"url": "http://docs.info.apple.com/article.html?artnum=307301"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/27300"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2008/jan/msg00001.html"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2008/0148"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2008//jul/msg00000.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/31034"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0148"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/2064/references"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39698"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0036"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/39698"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta08-016a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta08-016a"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0036"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa08-016a.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2008/20080117_135357.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/39695"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/27298"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/11389"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/swupdates/"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/28502/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=304263\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-016a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=307301\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime74forleopard.html"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime74forwindows.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5090/"
},
{
"trust": 0.1,
"url": "http://dvlabs.tippingpoint.com/advisory/tpti-08-01"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime74fortiger.html"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime74forpanther.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=642"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31034/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28423/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht2304"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19289/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/29293/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/about_secunia/64/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/29650/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30161"
},
{
"db": "BID",
"id": "27300"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001036"
},
{
"db": "PACKETSTORM",
"id": "62716"
},
{
"db": "PACKETSTORM",
"id": "62685"
},
{
"db": "PACKETSTORM",
"id": "68131"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-217"
},
{
"db": "NVD",
"id": "CVE-2008-0036"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-30161"
},
{
"db": "BID",
"id": "27300"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001036"
},
{
"db": "PACKETSTORM",
"id": "62716"
},
{
"db": "PACKETSTORM",
"id": "62685"
},
{
"db": "PACKETSTORM",
"id": "68131"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-217"
},
{
"db": "NVD",
"id": "CVE-2008-0036"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-01-16T00:00:00",
"db": "VULHUB",
"id": "VHN-30161"
},
{
"date": "2008-01-15T00:00:00",
"db": "BID",
"id": "27300"
},
{
"date": "2008-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001036"
},
{
"date": "2008-01-17T05:49:01",
"db": "PACKETSTORM",
"id": "62716"
},
{
"date": "2008-01-17T04:45:41",
"db": "PACKETSTORM",
"id": "62685"
},
{
"date": "2008-07-11T22:41:13",
"db": "PACKETSTORM",
"id": "68131"
},
{
"date": "2008-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200801-217"
},
{
"date": "2008-01-16T03:00:00",
"db": "NVD",
"id": "CVE-2008-0036"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-30161"
},
{
"date": "2008-07-10T19:19:00",
"db": "BID",
"id": "27300"
},
{
"date": "2008-07-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001036"
},
{
"date": "2009-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200801-217"
},
{
"date": "2024-11-21T00:41:00.810000",
"db": "NVD",
"id": "CVE-2008-0036"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "62716"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-217"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime In PICT Buffer overflow vulnerability in image decoding",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001036"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-217"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…