cvelistv5 - CVE-2008-0033

CVE-2008-0033 (GCVE-0-2008-0033)

Vulnerability from cvelistv5 – Published: 2008-01-16 02:00 – Updated: 2024-08-07 07:32

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/archive/1/486413/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/28502	third-party-advisoryx_refsource_SECUNIA
	http://dvlabs.tippingpoint.com/advisory/TPTI-08-01	x_refsource_MISC
	http://docs.info.apple.com/article.html?artnum=307301	x_refsource_CONFIRM
	http://www.us-cert.gov/cas/techalerts/TA08-016A.html	third-party-advisoryx_refsource_CERT
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.vupen.com/english/advisories/2008/0148	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/27299	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id?1019221	vdb-entryx_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:23.801Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080115 TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486413/100/0/threaded"
          },
          {
            "name": "28502",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28502"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307301"
          },
          {
            "name": "TA08-016A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-016A.html"
          },
          {
            "name": "APPLE-SA-2008-01-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html"
          },
          {
            "name": "ADV-2008-0148",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0148"
          },
          {
            "name": "27299",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27299"
          },
          {
            "name": "1019221",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019221"
          },
          {
            "name": "quicktime-idsc-code-execution(39697)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39697"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20080115 TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486413/100/0/threaded"
        },
        {
          "name": "28502",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28502"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307301"
        },
        {
          "name": "TA08-016A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-016A.html"
        },
        {
          "name": "APPLE-SA-2008-01-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html"
        },
        {
          "name": "ADV-2008-0148",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0148"
        },
        {
          "name": "27299",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27299"
        },
        {
          "name": "1019221",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019221"
        },
        {
          "name": "quicktime-idsc-code-execution(39697)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39697"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0033",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080115 TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486413/100/0/threaded"
            },
            {
              "name": "28502",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28502"
            },
            {
              "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-01",
              "refsource": "MISC",
              "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-01"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307301",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=307301"
            },
            {
              "name": "TA08-016A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-016A.html"
            },
            {
              "name": "APPLE-SA-2008-01-15",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html"
            },
            {
              "name": "ADV-2008-0148",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0148"
            },
            {
              "name": "27299",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27299"
            },
            {
              "name": "1019221",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019221"
            },
            {
              "name": "quicktime-idsc-code-execution(39697)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39697"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0033",
    "datePublished": "2008-01-16T02:00:00",
    "dateReserved": "2008-01-03T00:00:00",
    "dateUpdated": "2024-08-07T07:32:23.801Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.3.1.70\", \"matchCriteriaId\": \"A93D8F3E-D7CF-4C11-BE95-BD5BBEB3F7B3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad no especificada en Apple QuickTime versiones anteriores a 7.4, permite a los atacantes remotos causar una denegaci\\u00f3n de servicio (finalizaci\\u00f3n de aplicaci\\u00f3n) y ejecutar c\\u00f3digo arbitrario por medio de un archivo de pel\\u00edcula con \\u00e1tomos de Image Descriptor (IDSC) que contiene un tama\\u00f1o de \\u00e1tomo no v\\u00e1lido, lo que desencadena una corrupci\\u00f3n de la memoria.\"}]",
      "id": "CVE-2008-0033",
      "lastModified": "2024-11-21T00:41:00.350",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-01-16T03:00:00.000",
      "references": "[{\"url\": \"http://docs.info.apple.com/article.html?artnum=307301\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://dvlabs.tippingpoint.com/advisory/TPTI-08-01\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28502\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/486413/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/27299\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019221\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-016A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0148\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39697\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://docs.info.apple.com/article.html?artnum=307301\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://dvlabs.tippingpoint.com/advisory/TPTI-08-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28502\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/486413/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/27299\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019221\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-016A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0148\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39697\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0033\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-01-16T03:00:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad no especificada en Apple QuickTime versiones anteriores a 7.4, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (finalizaci\u00f3n de aplicaci\u00f3n) y ejecutar c\u00f3digo arbitrario por medio de un archivo de pel\u00edcula con \u00e1tomos de Image Descriptor (IDSC) que contiene un tama\u00f1o de \u00e1tomo no v\u00e1lido, lo que desencadena una corrupci\u00f3n de la memoria.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.3.1.70\",\"matchCriteriaId\":\"A93D8F3E-D7CF-4C11-BE95-BD5BBEB3F7B3\"}]}]}],\"references\":[{\"url\":\"http://docs.info.apple.com/article.html?artnum=307301\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://dvlabs.tippingpoint.com/advisory/TPTI-08-01\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28502\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/486413/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/27299\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019221\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-016A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0148\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39697\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=307301\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://dvlabs.tippingpoint.com/advisory/TPTI-08-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28502\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/486413/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/27299\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019221\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-016A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0148\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39697\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-P63G-J95C-8CVH

Vulnerability from github – Published: 2022-05-01 23:27 – Updated: 2022-05-01 23:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0033"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-01-16T03:00:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.",
  "id": "GHSA-p63g-j95c-8cvh",
  "modified": "2022-05-01T23:27:17Z",
  "published": "2022-05-01T23:27:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0033"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39697"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=307301"
    },
    {
      "type": "WEB",
      "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-01"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28502"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486413/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27299"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019221"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-016A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0148"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2008-AVI-025

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans Apple QuickTime. Elles permettraient, exploitées par le biais de fichiers multimédia spécialement construits, d'exécuter des commandes arbitraires sur le système ayant un lecteur vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans Apple QuickTime. Elles concernent les fichiers multimédia au format vidéo Sorenson 3 et les images PICT, ainsi que la manipulation des informations Macintosh Resource d'un fichier vidéo ou l'analyse des atomes de description d'images (IDSC).

Ces vulnérabilités peuvent être exploitées par le biais de fichiers multimédia spécialement construits. La lecture de ceux-ci pourrait alors permettre d'exécuter du code arbitraire sur le système ayant une version de QuickTime vulnérable.

Solution

Se référer au bulletin de sécurité Apple 307301 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple QuickTime, pour les versions antérieures à 7.4.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 307301 du 15 janvier 2008	None	vendor-advisory
Bulletin de sécurité Apple 307301-fr du 15 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple QuickTime, pour les versions ant\u00e9rieures \u00e0 7.4.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Apple QuickTime. Elles\nconcernent les fichiers multim\u00e9dia au format vid\u00e9o Sorenson 3 et les\nimages PICT, ainsi que la manipulation des informations Macintosh\nResource d\u0027un fichier vid\u00e9o ou l\u0027analyse des atomes de description\nd\u0027images (IDSC).\n\nCes vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par le biais de fichiers\nmultim\u00e9dia sp\u00e9cialement construits. La lecture de ceux-ci pourrait alors\npermettre d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me ayant une version\nde QuickTime vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Apple 307301 pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0033"
    },
    {
      "name": "CVE-2008-0032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0032"
    },
    {
      "name": "CVE-2008-0036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0036"
    },
    {
      "name": "CVE-2007-0031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0031"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307301-fr du 15 janvier 2008 :",
      "url": "http://docs.info.apple.com/article.html?artnum=307301-fr"
    }
  ],
  "reference": "CERTA-2008-AVI-025",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Apple QuickTime. Elles\npermettraient, exploit\u00e9es par le biais de fichiers multim\u00e9dia\nsp\u00e9cialement construits, d\u0027ex\u00e9cuter des commandes arbitraires sur le\nsyst\u00e8me ayant un lecteur vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Apple QuickTime",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307301 du 15 janvier 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-025

Vulnerability from certfr_avis - Published: - Updated:

Description

Solution

Se référer au bulletin de sécurité Apple 307301 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple QuickTime, pour les versions antérieures à 7.4.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 307301 du 15 janvier 2008	None	vendor-advisory
Bulletin de sécurité Apple 307301-fr du 15 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple QuickTime, pour les versions ant\u00e9rieures \u00e0 7.4.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Apple QuickTime. Elles\nconcernent les fichiers multim\u00e9dia au format vid\u00e9o Sorenson 3 et les\nimages PICT, ainsi que la manipulation des informations Macintosh\nResource d\u0027un fichier vid\u00e9o ou l\u0027analyse des atomes de description\nd\u0027images (IDSC).\n\nCes vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par le biais de fichiers\nmultim\u00e9dia sp\u00e9cialement construits. La lecture de ceux-ci pourrait alors\npermettre d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me ayant une version\nde QuickTime vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Apple 307301 pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0033"
    },
    {
      "name": "CVE-2008-0032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0032"
    },
    {
      "name": "CVE-2008-0036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0036"
    },
    {
      "name": "CVE-2007-0031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0031"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307301-fr du 15 janvier 2008 :",
      "url": "http://docs.info.apple.com/article.html?artnum=307301-fr"
    }
  ],
  "reference": "CERTA-2008-AVI-025",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Apple QuickTime. Elles\npermettraient, exploit\u00e9es par le biais de fichiers multim\u00e9dia\nsp\u00e9cialement construits, d\u0027ex\u00e9cuter des commandes arbitraires sur le\nsyst\u00e8me ayant un lecteur vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Apple QuickTime",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307301 du 15 janvier 2008",
      "url": null
    }
  ]
}

VAR-200801-0012

Vulnerability from variot - Updated: 2023-12-18 12:12

Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption. Apple QuickTime is prone to a memory-corruption vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions. This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

I. Description

Apple QuickTime 7.4 resolves multiple vulnerabilities in the way different types of image and media files are handled.

Note that Apple iTunes installs QuickTime, so any system with iTunes is vulnerable.

II. For further information, please see About the security content of QuickTime 7.4.

III. Solution

Upgrade QuickTime

Upgrade to QuickTime 7.4. This and other updates for Mac OS X are available via Apple Update.

Secure your web browser

To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser.

References

* About the security content of the QuickTime 7.4 Update -
  <http://docs.info.apple.com/article.html?artnum=307301>

* How to tell if Software Update for Windows is working correctly
  when no updates are available -
  <http://docs.info.apple.com/article.html?artnum=304263>

* Apple - QuickTime - Download -
  <http://www.apple.com/quicktime/download/>

* Mac OS X: Updating your software -
  <http://docs.info.apple.com/article.html?artnum=106704>

* Securing Your Web Browser -
  <http://www.us-cert.gov/reading_room/securing_browser/>

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA08-016A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA08-016A Feedback VU#818697" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2007 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

January 16, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBR45mevRFkHkM87XOAQLP6AgAj7J4sy83ZWEKfcDb2brgHptxAwqvArkZ HzV+5lGg1A86V4/MARlxXctWv5JH3e2knx5ZoMUN8napP9VEag2Ra68Zdh9lKu1S nfCRRwcIj38iakuv7xKrNt1AJHj3rHguzCjvWu8gHEJtlb15zqVr97Ci9LuNdLP3 W4hdsIxuzYQl7Ou5+j0Z9bhH1WWZRjmabsop+b0ApxeZI2F6mJn0rscRvxPQYBls ims6CP7YseK4+ElJHAMEJfW/6gPhwyedjgesd0jssYvhtYdufn4OCZvwL+p9QSlQ +E+UKcws4BHlEpg0dQhA13REQxwqqMgSWdm3NU8hbGdEJAJGH0cYNQ== =emKJ -----END PGP SIGNATURE----- .

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

Download and test it today: https://psi.secunia.com/

Read more about this new version: https://psi.secunia.com/?page=changelog

TITLE: Apple QuickTime Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA28502

VERIFY ADVISORY: http://secunia.com/advisories/28502/

CRITICAL: Highly critical

IMPACT: System access

WHERE:

From remote

SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/

DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a vulnerable system.

2) An error exists in the processing of Macintosh Resources embedded in QuickTime movies. This can be exploited to cause a memory corruption via an overly large length value stored in the resource header in a specially crafted QuickTime movie file.

3) An error in the parsing of malformed Image Descriptor (IDSC) atoms can be exploited to cause a heap corruption via a specially crafted movie file.

4) A boundary error exists within the processing of compressed PICT images and can be exploited to cause a buffer overflow.

QuickTime 7.4 for Leopard: http://www.apple.com/support/downloads/quicktime74forleopard.html

QuickTime 7.4 for Tiger: http://www.apple.com/support/downloads/quicktime74fortiger.html

QuickTime 7.4 for Panther: http://www.apple.com/support/downloads/quicktime74forpanther.html

QuickTime 7.4 for Windows: http://www.apple.com/support/downloads/quicktime74forwindows.html

PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Joe Schottman of Virginia Tech 2) Jun Mao, VeriSign iDefense Labs. 3) Cody Pierce, TippingPoint DVLabs 4) The vendor credits Chris Ries, Carnegie Mellon University Computing Services

ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307301

TippingPoint DVLabs: http://dvlabs.tippingpoint.com/advisory/TPTI-08-01

iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=642

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. Specifying a malicious atom size can result in an under allocated heap chunk and subsequently an exploitable heap corruption situation.

-- Vendor Response: http://docs.info.apple.com/article.html?artnum=307301

-- Disclosure Timeline: 2007.10.19 - Vulnerability reported to vendor 2008.01.15 - Coordinated public release of advisory

-- Credit: This vulnerability was discovered by Cody Pierce - TippingPoint DVLabs.

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200801-0012",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "quicktime",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.3.1.70"
      },
      {
        "model": "quicktime",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.3.1.70"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.6"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "quicktime player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "27299"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001037"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0033"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-218"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.3.1.70",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0033"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cody Pierce",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "62675"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-218"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2008-0033",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2008-0033",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-30158",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-0033",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200801-218",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-30158",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001037"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0033"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-218"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption. Apple QuickTime is prone to a memory-corruption vulnerability. \nAn attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file. \nSuccessfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions. \nThis issue affects versions prior to Apple QuickTime 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X. \n\n\nI. Description\n\n   Apple QuickTime 7.4 resolves multiple vulnerabilities in the way\n   different types of image and media files are handled. \n\n   Note that Apple iTunes installs QuickTime, so any system with iTunes\n   is vulnerable. \n\n\nII. For\n   further information, please see About the security content of\n   QuickTime 7.4. \n\n\nIII. Solution\n\nUpgrade QuickTime\n\n   Upgrade to QuickTime 7.4. This and other updates for Mac OS X are\n   available via Apple Update. \n\nSecure your web browser\n\n   To help mitigate these and other vulnerabilities that can be exploited\n   via a web browser, refer to Securing Your Web Browser. \n\n\nReferences\n\n    * About the security content of the QuickTime 7.4 Update -\n      \u003chttp://docs.info.apple.com/article.html?artnum=307301\u003e\n   \n    * How to tell if Software Update for Windows is working correctly\n      when no updates are available -\n      \u003chttp://docs.info.apple.com/article.html?artnum=304263\u003e\n     \n    * Apple - QuickTime - Download -\n      \u003chttp://www.apple.com/quicktime/download/\u003e\n     \n    * Mac OS X: Updating your software -\n      \u003chttp://docs.info.apple.com/article.html?artnum=106704\u003e\n     \n    * Securing Your Web Browser -\n      \u003chttp://www.us-cert.gov/reading_room/securing_browser/\u003e\n     \n _________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA08-016A.html\u003e\n _________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA08-016A Feedback VU#818697\" in the\n   subject. \n _________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n _________________________________________________________________\n\n   Produced 2007 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n _________________________________________________________________\n\n \nRevision History\n\n   January 16, 2007: Initial release\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBR45mevRFkHkM87XOAQLP6AgAj7J4sy83ZWEKfcDb2brgHptxAwqvArkZ\nHzV+5lGg1A86V4/MARlxXctWv5JH3e2knx5ZoMUN8napP9VEag2Ra68Zdh9lKu1S\nnfCRRwcIj38iakuv7xKrNt1AJHj3rHguzCjvWu8gHEJtlb15zqVr97Ci9LuNdLP3\nW4hdsIxuzYQl7Ou5+j0Z9bhH1WWZRjmabsop+b0ApxeZI2F6mJn0rscRvxPQYBls\nims6CP7YseK4+ElJHAMEJfW/6gPhwyedjgesd0jssYvhtYdufn4OCZvwL+p9QSlQ\n+E+UKcws4BHlEpg0dQhA13REQxwqqMgSWdm3NU8hbGdEJAJGH0cYNQ==\n=emKJ\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nApple QuickTime Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA28502\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28502/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nApple QuickTime 7.x\nhttp://secunia.com/product/5090/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple QuickTime, which can\nbe exploited by malicious people to compromise a vulnerable system. \n\n2) An error exists in the processing of Macintosh Resources embedded\nin QuickTime movies. This can be exploited to cause a memory\ncorruption via an overly large length value stored in the resource\nheader in a specially crafted QuickTime movie file. \n\n3) An error in the parsing of malformed Image Descriptor (IDSC) atoms\ncan be exploited to cause a heap corruption via a specially crafted\nmovie file. \n\n4) A boundary error exists within the processing of compressed PICT\nimages and can be exploited to cause a buffer overflow. \n\nQuickTime 7.4 for Leopard:\nhttp://www.apple.com/support/downloads/quicktime74forleopard.html\n\nQuickTime 7.4 for Tiger:\nhttp://www.apple.com/support/downloads/quicktime74fortiger.html\n\nQuickTime 7.4 for Panther:\nhttp://www.apple.com/support/downloads/quicktime74forpanther.html\n\nQuickTime 7.4 for Windows:\nhttp://www.apple.com/support/downloads/quicktime74forwindows.html\n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Joe Schottman of Virginia Tech\n2) Jun Mao, VeriSign iDefense Labs. \n3) Cody Pierce, TippingPoint DVLabs\n4) The vendor credits Chris Ries, Carnegie Mellon University\nComputing Services\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=307301\n\nTippingPoint DVLabs:\nhttp://dvlabs.tippingpoint.com/advisory/TPTI-08-01\n\niDefense Labs:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=642\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Specifying a malicious atom size can result in\nan under allocated heap chunk and subsequently an exploitable heap\ncorruption situation. \n\n-- Vendor Response:\nhttp://docs.info.apple.com/article.html?artnum=307301\n\n-- Disclosure Timeline:\n2007.10.19 - Vulnerability reported to vendor\n2008.01.15 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by Cody Pierce - TippingPoint DVLabs. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0033"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001037"
      },
      {
        "db": "BID",
        "id": "27299"
      },
      {
        "db": "VULHUB",
        "id": "VHN-30158"
      },
      {
        "db": "PACKETSTORM",
        "id": "62716"
      },
      {
        "db": "PACKETSTORM",
        "id": "62685"
      },
      {
        "db": "PACKETSTORM",
        "id": "62675"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-30158",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30158"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-0033",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "27299",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA08-016A",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "28502",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1019221",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0148",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "39697",
        "trust": 1.4
      },
      {
        "db": "USCERT",
        "id": "SA08-016A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001037",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-218",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20080115 TPTI-08-01: APPLE QUICKTIME IMAGE FILE IDSC ATOM MEMORY CORRUPTION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2008-01-15",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "TA08-016A",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "11390",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "62675",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-30158",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "62716",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "62685",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30158"
      },
      {
        "db": "BID",
        "id": "27299"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001037"
      },
      {
        "db": "PACKETSTORM",
        "id": "62716"
      },
      {
        "db": "PACKETSTORM",
        "id": "62685"
      },
      {
        "db": "PACKETSTORM",
        "id": "62675"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0033"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-218"
      }
    ]
  },
  "id": "VAR-200801-0012",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30158"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:12:13.114000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "QuickTime 7.4",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307301-en"
      },
      {
        "title": "QuickTime 7.4",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307301-ja"
      },
      {
        "title": "TA08-016A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta08-016a.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001037"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001037"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0033"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/27299"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta08-016a.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.securitytracker.com/id?1019221"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/28502"
      },
      {
        "trust": 2.1,
        "url": "http://dvlabs.tippingpoint.com/advisory/tpti-08-01"
      },
      {
        "trust": 1.9,
        "url": "http://docs.info.apple.com/article.html?artnum=307301"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2008/jan/msg00001.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2008/0148"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/39697"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/486413/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/0148"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39697"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0033"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta08-016a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta08-016a"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0033"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa08-016a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/2008/20080117_135357.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/486413/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/11390"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/quicktime/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/swupdates/"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=304263\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/quicktime/download/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta08-016a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=307301\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/quicktime74forleopard.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/quicktime74forwindows.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5090/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28502/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/quicktime74fortiger.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/quicktime74forpanther.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=642"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/tpti-08-01.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0033"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30158"
      },
      {
        "db": "BID",
        "id": "27299"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001037"
      },
      {
        "db": "PACKETSTORM",
        "id": "62716"
      },
      {
        "db": "PACKETSTORM",
        "id": "62685"
      },
      {
        "db": "PACKETSTORM",
        "id": "62675"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0033"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-218"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-30158"
      },
      {
        "db": "BID",
        "id": "27299"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001037"
      },
      {
        "db": "PACKETSTORM",
        "id": "62716"
      },
      {
        "db": "PACKETSTORM",
        "id": "62685"
      },
      {
        "db": "PACKETSTORM",
        "id": "62675"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0033"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-218"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-01-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30158"
      },
      {
        "date": "2008-01-15T00:00:00",
        "db": "BID",
        "id": "27299"
      },
      {
        "date": "2008-01-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001037"
      },
      {
        "date": "2008-01-17T05:49:01",
        "db": "PACKETSTORM",
        "id": "62716"
      },
      {
        "date": "2008-01-17T04:45:41",
        "db": "PACKETSTORM",
        "id": "62685"
      },
      {
        "date": "2008-01-16T05:52:04",
        "db": "PACKETSTORM",
        "id": "62675"
      },
      {
        "date": "2008-01-16T03:00:00",
        "db": "NVD",
        "id": "CVE-2008-0033"
      },
      {
        "date": "2008-01-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200801-218"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30158"
      },
      {
        "date": "2008-01-16T18:18:00",
        "db": "BID",
        "id": "27299"
      },
      {
        "date": "2008-01-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001037"
      },
      {
        "date": "2018-10-15T21:57:07.137000",
        "db": "NVD",
        "id": "CVE-2008-0033"
      },
      {
        "date": "2008-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200801-218"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "62716"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-218"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple QuickTime In  Image Descriptor (IDSC) Atom analysis memory corruption vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001037"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-218"
      }
    ],
    "trust": 0.6
  }
}

GSD-2008-0033

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-0033

Aliases

CVE-2008-0033

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0033",
    "description": "Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.",
    "id": "GSD-2008-0033"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0033"
      ],
      "details": "Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.",
      "id": "GSD-2008-0033",
      "modified": "2023-12-13T01:22:59.120041Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0033",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20080115 TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486413/100/0/threaded"
          },
          {
            "name": "28502",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28502"
          },
          {
            "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-01",
            "refsource": "MISC",
            "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-01"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=307301",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=307301"
          },
          {
            "name": "TA08-016A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-016A.html"
          },
          {
            "name": "APPLE-SA-2008-01-15",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html"
          },
          {
            "name": "ADV-2008-0148",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0148"
          },
          {
            "name": "27299",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27299"
          },
          {
            "name": "1019221",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019221"
          },
          {
            "name": "quicktime-idsc-code-execution(39697)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39697"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.3.1.70",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0033"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2008-01-15",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307301",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=307301"
            },
            {
              "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-01",
              "refsource": "MISC",
              "tags": [],
              "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-01"
            },
            {
              "name": "TA08-016A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-016A.html"
            },
            {
              "name": "1019221",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019221"
            },
            {
              "name": "28502",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28502"
            },
            {
              "name": "27299",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/27299"
            },
            {
              "name": "ADV-2008-0148",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0148"
            },
            {
              "name": "quicktime-idsc-code-execution(39697)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39697"
            },
            {
              "name": "20080115 TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486413/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-15T21:57Z",
      "publishedDate": "2008-01-16T03:00Z"
    }
  }
}

FKIE_CVE-2008-0033

Vulnerability from fkie_nvd - Published: 2008-01-16 03:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=307301
cve@mitre.org	http://dvlabs.tippingpoint.com/advisory/TPTI-08-01
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html
cve@mitre.org	http://secunia.com/advisories/28502	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/486413/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/27299
cve@mitre.org	http://www.securitytracker.com/id?1019221
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA08-016A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0148	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39697
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=307301
af854a3a-2127-422b-91ae-364da2661108	http://dvlabs.tippingpoint.com/advisory/TPTI-08-01
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28502	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486413/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27299
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019221
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-016A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0148	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39697

Impacted products

	Vendor	Product	Version
	apple	quicktime	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93D8F3E-D7CF-4C11-BE95-BD5BBEB3F7B3",
              "versionEndIncluding": "7.3.1.70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en Apple QuickTime versiones anteriores a 7.4, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (finalizaci\u00f3n de aplicaci\u00f3n) y ejecutar c\u00f3digo arbitrario por medio de un archivo de pel\u00edcula con \u00e1tomos de Image Descriptor (IDSC) que contiene un tama\u00f1o de \u00e1tomo no v\u00e1lido, lo que desencadena una corrupci\u00f3n de la memoria."
    }
  ],
  "id": "CVE-2008-0033",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-01-16T03:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=307301"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-01"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28502"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486413/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27299"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019221"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-016A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0148"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=307301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28502"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486413/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-016A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0148"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39697"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0033 (GCVE-0-2008-0033)

GHSA-P63G-J95C-8CVH

CERTA-2008-AVI-025

Description

Solution

CERTA-2008-AVI-025

Description

Solution

VAR-200801-0012

GSD-2008-0033

FKIE_CVE-2008-0033

Tags

Sightings

Nomenclature