var-200901-0253
Vulnerability from variot
Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie. The Apple QuickTime MPEG-2 Playback Component is prone to a memory-corruption issue because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file. Failed exploit attempts likely result in denial-of-service conditions. This issue affects Apple QuickTime MPEG-2 Playback Component running on Microsoft Windows Vista and Windows XP SP2 and SP3. Apple QuickTime is a very popular multimedia player. The QuickTime MPEG-2 Playback Component allows QuickTime users to import and play back format-specific MPEG-2 content, available for purchase and download separately from the Apple Online Store. ----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list?
Click here to learn more: http://secunia.com/advisories/business_solutions/
TITLE: Apple QuickTime MPEG-2 Playback Component Input Validation Vulnerability
SECUNIA ADVISORY ID: SA33642
VERIFY ADVISORY: http://secunia.com/advisories/33642/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Apple QuickTime MPEG-2 Playback Component 7.x http://secunia.com/advisories/product/21083/
DESCRIPTION: A vulnerability has been reported in the Apple QuickTime MPEG-2 Playback component, which can potentially be exploited by malicious people to compromise a user's system.
The vulnerability is reported in QuickTime MPEG-2 Playback Component for Windows in versions prior to 7.60.92.0.
SOLUTION: Update to version 7.60.92.0.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Richard Lemon, Code Lemon
ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3404
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200901-0253",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quicktime mpeg-2 playback component",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "*"
},
{
"model": "quicktime",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "quicktime mpeg-2 playback component",
"scope": null,
"trust": 0.6,
"vendor": "apple",
"version": null
},
{
"model": "quicktime mpeg-2 playback component",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.60"
},
{
"model": "quicktime mpeg-2 playback component",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.60.920"
}
],
"sources": [
{
"db": "BID",
"id": "33393"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001597"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-288"
},
{
"db": "NVD",
"id": "CVE-2009-0008"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:quicktime",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001597"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Richard Lemon",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200901-288"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0008",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CVE-2009-0008",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "VHN-37454",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0008",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-0008",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200901-288",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-37454",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37454"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001597"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-288"
},
{
"db": "NVD",
"id": "CVE-2009-0008"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie. The Apple QuickTime MPEG-2 Playback Component is prone to a memory-corruption issue because it fails to perform adequate boundary checks on user-supplied data. \nAn attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file. Failed exploit attempts likely result in denial-of-service conditions. \nThis issue affects Apple QuickTime MPEG-2 Playback Component running on Microsoft Windows Vista and Windows XP SP2 and SP3. Apple QuickTime is a very popular multimedia player. The QuickTime MPEG-2 Playback Component allows QuickTime users to import and play back format-specific MPEG-2 content, available for purchase and download separately from the Apple Online Store. ----------------------------------------------------------------------\n\nDid you know that a change in our assessment rating, exploit code\navailability, or if an updated patch is released by the vendor, is\nnot part of this mailing-list?\n\nClick here to learn more:\nhttp://secunia.com/advisories/business_solutions/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple QuickTime MPEG-2 Playback Component Input Validation\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA33642\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/33642/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nApple QuickTime MPEG-2 Playback Component 7.x\nhttp://secunia.com/advisories/product/21083/\n\nDESCRIPTION:\nA vulnerability has been reported in the Apple QuickTime MPEG-2\nPlayback component, which can potentially be exploited by malicious\npeople to compromise a user\u0027s system. \n\nThe vulnerability is reported in QuickTime MPEG-2 Playback Component\nfor Windows in versions prior to 7.60.92.0. \n\nSOLUTION:\nUpdate to version 7.60.92.0. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Richard Lemon, Code Lemon\n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT3404\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0008"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001597"
},
{
"db": "BID",
"id": "33393"
},
{
"db": "VULHUB",
"id": "VHN-37454"
},
{
"db": "PACKETSTORM",
"id": "74233"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0008",
"trust": 2.8
},
{
"db": "BID",
"id": "33393",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "33642",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2009-0211",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1021621",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001597",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200901-288",
"trust": 0.7
},
{
"db": "XF",
"id": "2",
"trust": 0.6
},
{
"db": "XF",
"id": "48162",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2009-01-21",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:5974",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-37454",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "74233",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37454"
},
{
"db": "BID",
"id": "33393"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001597"
},
{
"db": "PACKETSTORM",
"id": "74233"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-288"
},
{
"db": "NVD",
"id": "CVE-2009-0008"
}
]
},
"id": "VAR-200901-0253",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-37454"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:31:48.830000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT3403",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3403"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001597"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37454"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001597"
},
{
"db": "NVD",
"id": "CVE-2009-0008"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht3404"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce//2009/jan/msg00001.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/33393"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1021621"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/33642"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5974"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/0211"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48162"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0008"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0008"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/48162"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2009/0211"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5974"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "http://support.apple.com/kb/ht3381"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/mpeg2/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/33642/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/21083/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37454"
},
{
"db": "BID",
"id": "33393"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001597"
},
{
"db": "PACKETSTORM",
"id": "74233"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-288"
},
{
"db": "NVD",
"id": "CVE-2009-0008"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-37454"
},
{
"db": "BID",
"id": "33393"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001597"
},
{
"db": "PACKETSTORM",
"id": "74233"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-288"
},
{
"db": "NVD",
"id": "CVE-2009-0008"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-01-22T00:00:00",
"db": "VULHUB",
"id": "VHN-37454"
},
{
"date": "2009-01-21T00:00:00",
"db": "BID",
"id": "33393"
},
{
"date": "2009-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001597"
},
{
"date": "2009-01-22T07:58:43",
"db": "PACKETSTORM",
"id": "74233"
},
{
"date": "2009-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200901-288"
},
{
"date": "2009-01-22T18:30:03.797000",
"db": "NVD",
"id": "CVE-2009-0008"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-29T00:00:00",
"db": "VULHUB",
"id": "VHN-37454"
},
{
"date": "2009-01-21T22:02:00",
"db": "BID",
"id": "33393"
},
{
"date": "2009-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001597"
},
{
"date": "2009-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200901-288"
},
{
"date": "2024-11-21T00:58:51.077000",
"db": "NVD",
"id": "CVE-2009-0008"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200901-288"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows Run on Apple QuickTime of MPEG-2 Playback Component Service disruption in (DoS) Or arbitrary code execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001597"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200901-288"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…