cvelistv5 - cve-2008-0234

CVE-2008-0234 (GCVE-0-2008-0234)

Vulnerability from cvelistv5 – Published: 2008-01-11 02:00 – Updated: 2024-08-07 07:39

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.exploit-db.com/exploits/4885	exploitx_refsource_EXPLOIT-DB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/486161/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/486091/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2008/2064…	vdb-entryx_refsource_VUPEN
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	https://www.exploit-db.com/exploits/4906	exploitx_refsource_EXPLOIT-DB
	http://secunia.com/advisories/31034	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/486268/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/486174/100…	mailing-listx_refsource_BUGTRAQ
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.securityfocus.com/archive/1/486114/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/27225	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/112179	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/archive/1/486241/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/486238/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2008/0107	vdb-entryx_refsource_VUPEN
	http://securityreason.com/securityalert/3537	third-party-advisoryx_refsource_SREASON
	http://www.securitytracker.com/id?1019178	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/28423	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:39:34.185Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "4885",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/4885"
          },
          {
            "name": "quicktime-rtsp-responses-bo(39601)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601"
          },
          {
            "name": "20080111 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486161/100/0/threaded"
          },
          {
            "name": "20080110 Buffer-overflow in Quicktime Player 7.3.1.70",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486091/100/0/threaded"
          },
          {
            "name": "ADV-2008-2064",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2064/references"
          },
          {
            "name": "APPLE-SA-2008-02-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html"
          },
          {
            "name": "4906",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/4906"
          },
          {
            "name": "31034",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31034"
          },
          {
            "name": "20080112 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486268/100/0/threaded"
          },
          {
            "name": "20080111 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486174/100/0/threaded"
          },
          {
            "name": "APPLE-SA-2008-07-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html"
          },
          {
            "name": "20080110 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486114/100/0/threaded"
          },
          {
            "name": "27225",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27225"
          },
          {
            "name": "VU#112179",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/112179"
          },
          {
            "name": "20080112 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486241/100/0/threaded"
          },
          {
            "name": "20080114 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486238/100/0/threaded"
          },
          {
            "name": "ADV-2008-0107",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0107"
          },
          {
            "name": "3537",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3537"
          },
          {
            "name": "1019178",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019178"
          },
          {
            "name": "28423",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28423"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "4885",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/4885"
        },
        {
          "name": "quicktime-rtsp-responses-bo(39601)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601"
        },
        {
          "name": "20080111 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486161/100/0/threaded"
        },
        {
          "name": "20080110 Buffer-overflow in Quicktime Player 7.3.1.70",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486091/100/0/threaded"
        },
        {
          "name": "ADV-2008-2064",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2064/references"
        },
        {
          "name": "APPLE-SA-2008-02-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html"
        },
        {
          "name": "4906",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/4906"
        },
        {
          "name": "31034",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31034"
        },
        {
          "name": "20080112 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486268/100/0/threaded"
        },
        {
          "name": "20080111 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486174/100/0/threaded"
        },
        {
          "name": "APPLE-SA-2008-07-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html"
        },
        {
          "name": "20080110 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486114/100/0/threaded"
        },
        {
          "name": "27225",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27225"
        },
        {
          "name": "VU#112179",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/112179"
        },
        {
          "name": "20080112 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486241/100/0/threaded"
        },
        {
          "name": "20080114 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486238/100/0/threaded"
        },
        {
          "name": "ADV-2008-0107",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0107"
        },
        {
          "name": "3537",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3537"
        },
        {
          "name": "1019178",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019178"
        },
        {
          "name": "28423",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28423"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0234",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "4885",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/4885"
            },
            {
              "name": "quicktime-rtsp-responses-bo(39601)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601"
            },
            {
              "name": "20080111 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486161/100/0/threaded"
            },
            {
              "name": "20080110 Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486091/100/0/threaded"
            },
            {
              "name": "ADV-2008-2064",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2064/references"
            },
            {
              "name": "APPLE-SA-2008-02-06",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html"
            },
            {
              "name": "4906",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/4906"
            },
            {
              "name": "31034",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31034"
            },
            {
              "name": "20080112 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486268/100/0/threaded"
            },
            {
              "name": "20080111 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486174/100/0/threaded"
            },
            {
              "name": "APPLE-SA-2008-07-10",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html"
            },
            {
              "name": "20080110 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486114/100/0/threaded"
            },
            {
              "name": "27225",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27225"
            },
            {
              "name": "VU#112179",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/112179"
            },
            {
              "name": "20080112 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486241/100/0/threaded"
            },
            {
              "name": "20080114 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486238/100/0/threaded"
            },
            {
              "name": "ADV-2008-0107",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0107"
            },
            {
              "name": "3537",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3537"
            },
            {
              "name": "1019178",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019178"
            },
            {
              "name": "28423",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28423"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0234",
    "datePublished": "2008-01-11T02:00:00",
    "dateReserved": "2008-01-10T00:00:00",
    "dateUpdated": "2024-08-07T07:39:34.185Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F9F7DCE-EE65-4CD5-AA21-208B2AAF09EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31662D02-7FA9-4FAD-BE49-194B7295CEE1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.\"}, {\"lang\": \"es\", \"value\": \"Un desbordamiento de b\\u00fafer en Apple Quicktime Player versi\\u00f3n 7.3.1.70 y otras versiones anteriores a 7.4.1, cuando el tunelado de RTSP est\\u00e1 habilitado, permite a atacantes remotos ejecutar c\\u00f3digo arbitrario por medio de una respuesta Reason-Phrase larga a una petici\\u00f3n rtsp://, como es demostrado usando un mensaje de error 404.\"}]",
      "id": "CVE-2008-0234",
      "lastModified": "2024-11-21T00:41:27.997",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-01-11T02:46:00.000",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28423\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/31034\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3537\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/112179\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/486091/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/486114/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/486161/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/486174/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/486238/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/486241/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/486268/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/27225\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1019178\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0107\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2064/references\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39601\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/4885\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/4906\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28423\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/31034\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3537\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/112179\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/486091/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/486114/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/486161/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/486174/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/486238/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/486241/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/486268/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/27225\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1019178\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0107\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2064/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39601\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/4885\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/4906\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0234\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-01-11T02:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer en Apple Quicktime Player versi\u00f3n 7.3.1.70 y otras versiones anteriores a 7.4.1, cuando el tunelado de RTSP est\u00e1 habilitado, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una respuesta Reason-Phrase larga a una petici\u00f3n rtsp://, como es demostrado usando un mensaje de error 404.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F9F7DCE-EE65-4CD5-AA21-208B2AAF09EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31662D02-7FA9-4FAD-BE49-194B7295CEE1\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28423\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31034\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3537\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/112179\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/486091/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/486114/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/486161/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/486174/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/486238/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/486241/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/486268/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/27225\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1019178\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0107\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2064/references\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39601\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/4885\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/4906\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28423\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31034\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3537\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/112179\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/486091/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/486114/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/486161/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/486174/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/486238/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/486241/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/486268/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/27225\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1019178\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0107\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2064/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39601\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/4885\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/4906\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-H6V5-M9CF-GC4P

Vulnerability from github – Published: 2022-05-01 23:28 – Updated: 2022-05-01 23:28

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0234"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-01-11T02:46:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.",
  "id": "GHSA-h6v5-m9cf-gc4p",
  "modified": "2022-05-01T23:28:31Z",
  "published": "2022-05-01T23:28:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0234"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/4885"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/4906"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28423"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31034"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3537"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/112179"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486091/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486114/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486161/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486174/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486238/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486241/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486268/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27225"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019178"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0107"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2064/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-0234

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-0234

Aliases

CVE-2008-0234

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0234",
    "description": "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.",
    "id": "GSD-2008-0234"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0234"
      ],
      "details": "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.",
      "id": "GSD-2008-0234",
      "modified": "2023-12-13T01:22:58.910748Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0234",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "4885",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/4885"
          },
          {
            "name": "quicktime-rtsp-responses-bo(39601)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601"
          },
          {
            "name": "20080111 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486161/100/0/threaded"
          },
          {
            "name": "20080110 Buffer-overflow in Quicktime Player 7.3.1.70",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486091/100/0/threaded"
          },
          {
            "name": "ADV-2008-2064",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2064/references"
          },
          {
            "name": "APPLE-SA-2008-02-06",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html"
          },
          {
            "name": "4906",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/4906"
          },
          {
            "name": "31034",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31034"
          },
          {
            "name": "20080112 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486268/100/0/threaded"
          },
          {
            "name": "20080111 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486174/100/0/threaded"
          },
          {
            "name": "APPLE-SA-2008-07-10",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html"
          },
          {
            "name": "20080110 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486114/100/0/threaded"
          },
          {
            "name": "27225",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27225"
          },
          {
            "name": "VU#112179",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/112179"
          },
          {
            "name": "20080112 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486241/100/0/threaded"
          },
          {
            "name": "20080114 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486238/100/0/threaded"
          },
          {
            "name": "ADV-2008-0107",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0107"
          },
          {
            "name": "3537",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3537"
          },
          {
            "name": "1019178",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019178"
          },
          {
            "name": "28423",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28423"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0234"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#112179",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/112179"
            },
            {
              "name": "27225",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/27225"
            },
            {
              "name": "1019178",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019178"
            },
            {
              "name": "28423",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28423"
            },
            {
              "name": "APPLE-SA-2008-02-06",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html"
            },
            {
              "name": "3537",
              "refsource": "SREASON",
              "tags": [
                "Exploit"
              ],
              "url": "http://securityreason.com/securityalert/3537"
            },
            {
              "name": "31034",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31034"
            },
            {
              "name": "APPLE-SA-2008-07-10",
              "refsource": "APPLE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html"
            },
            {
              "name": "ADV-2008-2064",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2064/references"
            },
            {
              "name": "ADV-2008-0107",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0107"
            },
            {
              "name": "quicktime-rtsp-responses-bo(39601)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601"
            },
            {
              "name": "4906",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/4906"
            },
            {
              "name": "4885",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/4885"
            },
            {
              "name": "20080112 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486268/100/0/threaded"
            },
            {
              "name": "20080112 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486241/100/0/threaded"
            },
            {
              "name": "20080114 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486238/100/0/threaded"
            },
            {
              "name": "20080111 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486174/100/0/threaded"
            },
            {
              "name": "20080111 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486161/100/0/threaded"
            },
            {
              "name": "20080110 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486114/100/0/threaded"
            },
            {
              "name": "20080110 Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486091/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-15T21:58Z",
      "publishedDate": "2008-01-11T02:46Z"
    }
  }
}

FKIE_CVE-2008-0234

Vulnerability from fkie_nvd - Published: 2008-01-11 02:46 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html	Patch, Vendor Advisory
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html
cve@mitre.org	http://secunia.com/advisories/28423	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/31034	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/3537	Exploit
cve@mitre.org	http://www.kb.cert.org/vuls/id/112179	US Government Resource
cve@mitre.org	http://www.securityfocus.com/archive/1/486091/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/486114/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/486161/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/486174/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/486238/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/486241/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/486268/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/27225	Exploit
cve@mitre.org	http://www.securitytracker.com/id?1019178
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0107	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2064/references	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39601
cve@mitre.org	https://www.exploit-db.com/exploits/4885
cve@mitre.org	https://www.exploit-db.com/exploits/4906
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28423	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31034	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3537	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/112179	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486091/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486114/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486161/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486174/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486238/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486241/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486268/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27225	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019178
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0107	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2064/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39601
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/4885
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/4906

Impacted products

	Vendor	Product	Version
	apple	quicktime	7.3.1.70
	apple	quicktime	7.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9F7DCE-EE65-4CD5-AA21-208B2AAF09EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "31662D02-7FA9-4FAD-BE49-194B7295CEE1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en Apple Quicktime Player versi\u00f3n 7.3.1.70 y otras versiones anteriores a 7.4.1, cuando el tunelado de RTSP est\u00e1 habilitado, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una respuesta Reason-Phrase larga a una petici\u00f3n rtsp://, como es demostrado usando un mensaje de error 404."
    }
  ],
  "id": "CVE-2008-0234",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-01-11T02:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28423"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31034"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://securityreason.com/securityalert/3537"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/112179"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486091/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486114/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486161/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486174/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486238/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486241/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486268/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/27225"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019178"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0107"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2064/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4885"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://securityreason.com/securityalert/3537"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/112179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486091/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486114/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486161/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486174/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486238/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486241/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486268/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/27225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2064/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4906"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2008-ALE-001

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité affectant Apple QuickTime permet à un individu malveillant d'exécuter du code arbitraire à distance.

Description

Une vulnérabilité dans le logiciel multimédia Apple QuickTime permet à une personne malintentionnée l'exécution de code arbitraire à distance via un dépassement de mémoire tampon lors d'une tentative infructueuse de lecture d'un fichier via le protocole Real Time Streaming Protocol (RTSP).

Une fonctionnalité de QuickTime permet de basculer automatiquement du protocole RTSP au protocole HTTP lorsque le port par défaut RTSP n'est pas joignable (554/tcp et 554/udp). Une page d'erreur spécialement conçue pour le protocole HTTP permet l'exploitation de cette vulnérabilité. Des codes d'exploitation ont été diffusés sur l'Internet.

Cette vulnérabilité concerne les machines ayant une version QuickTime à jour, et indépendemment du système d'exploitation installé.

Contournement provisoire

Parmis les contournements provisoires, on note :

Vérifier que la prise en charge des liens RTSP est désactivée dans QuickTime en décochant la case Édition -> Préférences -> Préférences de QuickTime -> Types de fichiers -> Enchaînement - séquence en temps réel -> Descripteur de flux RTSP ;

Cette option, qui n'est pas activée par défaut, ne comble en rien la vulnérabilité mais permet de d'éviter l'ouverture de lien malveillant par QuickTime.

vérifier la politique de filtrage des flux sortants. QuickTime essaie de se connecter au serveur sur différents ports (rtsp : 554 puis HTTP : 80), mais la politique de filtrage peut influencer ce passage. Ainsi, si les flux sortants vers les ports 554/TCP et 554/UDP sont filtrés et engendrent une absence de réponse dans un intervalle de temps suffisant, QuickTime n'effectue plus la tentative de connexion en HTTP.
utiliser un lecteur alternatif.

Solution

Mise à jour du 07 février 2008 :

Apple a corrigé cette vulnérabilité dans la version 7.4.1 de QuickTime, mentionnée dans l'avis CERTA-2008-AVI-059.

Apple QuickTime version 7.3.1.70.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Avis du CERTA CERTA-2008-AVI-059 du 07 février 2008 :	-	other
Note de vulnérabilité de l'US-CERT VU#112179 du 10 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple QuickTime version 7.3.1.70.\u003c/P\u003e",
  "closed_at": "2008-02-07",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le logiciel multim\u00e9dia Apple QuickTime permet \u00e0\nune personne malintentionn\u00e9e l\u0027ex\u00e9cution de code arbitraire \u00e0 distance\nvia un d\u00e9passement de m\u00e9moire tampon lors d\u0027une tentative infructueuse\nde lecture d\u0027un fichier via le protocole Real Time Streaming Protocol\n(RTSP).\n\nUne fonctionnalit\u00e9 de QuickTime permet de basculer automatiquement du\nprotocole RTSP au protocole HTTP lorsque le port par d\u00e9faut RTSP n\u0027est\npas joignable (554/tcp et 554/udp). Une page d\u0027erreur sp\u00e9cialement\ncon\u00e7ue pour le protocole HTTP permet l\u0027exploitation de cette\nvuln\u00e9rabilit\u00e9. Des codes d\u0027exploitation ont \u00e9t\u00e9 diffus\u00e9s sur l\u0027Internet.\n\nCette vuln\u00e9rabilit\u00e9 concerne les machines ayant une version QuickTime \u00e0\njour, et ind\u00e9pendemment du syst\u00e8me d\u0027exploitation install\u00e9.\n\n## Contournement provisoire\n\nParmis les contournements provisoires, on note :\n\n-   V\u00e9rifier que la prise en charge des liens RTSP est d\u00e9sactiv\u00e9e dans\n    QuickTime en d\u00e9cochant la case \u00c9dition -\\\u003e Pr\u00e9f\u00e9rences -\\\u003e\n    Pr\u00e9f\u00e9rences de QuickTime -\\\u003e Types de fichiers -\\\u003e Encha\u00eenement -\n    s\u00e9quence en temps r\u00e9el -\\\u003e Descripteur de flux RTSP ;\n\nCette option, qui n\u0027est pas activ\u00e9e par d\u00e9faut, ne comble en rien la\nvuln\u00e9rabilit\u00e9 mais permet de d\u0027\u00e9viter l\u0027ouverture de lien malveillant\npar QuickTime.\n\n-   v\u00e9rifier la politique de filtrage des flux sortants. QuickTime\n    essaie de se connecter au serveur sur diff\u00e9rents ports (rtsp : 554\n    puis HTTP : 80), mais la politique de filtrage peut influencer ce\n    passage. Ainsi, si les flux sortants vers les ports 554/TCP et\n    554/UDP sont filtr\u00e9s et engendrent une absence de r\u00e9ponse dans un\n    intervalle de temps suffisant, QuickTime n\u0027effectue plus la\n    tentative de connexion en HTTP.\n-   utiliser un lecteur alternatif.\n\n## Solution\n\nMise \u00e0 jour du 07 f\u00e9vrier 2008 :\n\nApple a corrig\u00e9 cette vuln\u00e9rabilit\u00e9 dans la version 7.4.1 de QuickTime,\nmentionn\u00e9e dans l\u0027avis CERTA-2008-AVI-059.\n",
  "cves": [
    {
      "name": "CVE-2008-0234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0234"
    }
  ],
  "links": [
    {
      "title": "Avis du CERTA CERTA-2008-AVI-059 du 07 f\u00e9vrier 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-059/"
    },
    {
      "title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#112179 du 10 janvier    2008 :",
      "url": "http://www.kb.cert.org/vuls/id/112179"
    }
  ],
  "reference": "CERTA-2008-ALE-001",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-11T00:00:00.000000"
    },
    {
      "description": "pr\u00e9cisions concernant le filtrage.",
      "revision_date": "2008-01-14T00:00:00.000000"
    },
    {
      "description": "correction apport\u00e9e par Apple dans la version 7.4.1 de QuickTime.",
      "revision_date": "2008-02-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 affectant Apple QuickTime permet \u00e0 un individu\nmalveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Apple QuickTime",
  "vendor_advisories": []
}

CERTA-2008-ALE-001

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité affectant Apple QuickTime permet à un individu malveillant d'exécuter du code arbitraire à distance.

Description

Cette vulnérabilité concerne les machines ayant une version QuickTime à jour, et indépendemment du système d'exploitation installé.

Contournement provisoire

Parmis les contournements provisoires, on note :

Vérifier que la prise en charge des liens RTSP est désactivée dans QuickTime en décochant la case Édition -> Préférences -> Préférences de QuickTime -> Types de fichiers -> Enchaînement - séquence en temps réel -> Descripteur de flux RTSP ;

Cette option, qui n'est pas activée par défaut, ne comble en rien la vulnérabilité mais permet de d'éviter l'ouverture de lien malveillant par QuickTime.

vérifier la politique de filtrage des flux sortants. QuickTime essaie de se connecter au serveur sur différents ports (rtsp : 554 puis HTTP : 80), mais la politique de filtrage peut influencer ce passage. Ainsi, si les flux sortants vers les ports 554/TCP et 554/UDP sont filtrés et engendrent une absence de réponse dans un intervalle de temps suffisant, QuickTime n'effectue plus la tentative de connexion en HTTP.
utiliser un lecteur alternatif.

Solution

Mise à jour du 07 février 2008 :

Apple a corrigé cette vulnérabilité dans la version 7.4.1 de QuickTime, mentionnée dans l'avis CERTA-2008-AVI-059.

Apple QuickTime version 7.3.1.70.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Avis du CERTA CERTA-2008-AVI-059 du 07 février 2008 :	-	other
Note de vulnérabilité de l'US-CERT VU#112179 du 10 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple QuickTime version 7.3.1.70.\u003c/P\u003e",
  "closed_at": "2008-02-07",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le logiciel multim\u00e9dia Apple QuickTime permet \u00e0\nune personne malintentionn\u00e9e l\u0027ex\u00e9cution de code arbitraire \u00e0 distance\nvia un d\u00e9passement de m\u00e9moire tampon lors d\u0027une tentative infructueuse\nde lecture d\u0027un fichier via le protocole Real Time Streaming Protocol\n(RTSP).\n\nUne fonctionnalit\u00e9 de QuickTime permet de basculer automatiquement du\nprotocole RTSP au protocole HTTP lorsque le port par d\u00e9faut RTSP n\u0027est\npas joignable (554/tcp et 554/udp). Une page d\u0027erreur sp\u00e9cialement\ncon\u00e7ue pour le protocole HTTP permet l\u0027exploitation de cette\nvuln\u00e9rabilit\u00e9. Des codes d\u0027exploitation ont \u00e9t\u00e9 diffus\u00e9s sur l\u0027Internet.\n\nCette vuln\u00e9rabilit\u00e9 concerne les machines ayant une version QuickTime \u00e0\njour, et ind\u00e9pendemment du syst\u00e8me d\u0027exploitation install\u00e9.\n\n## Contournement provisoire\n\nParmis les contournements provisoires, on note :\n\n-   V\u00e9rifier que la prise en charge des liens RTSP est d\u00e9sactiv\u00e9e dans\n    QuickTime en d\u00e9cochant la case \u00c9dition -\\\u003e Pr\u00e9f\u00e9rences -\\\u003e\n    Pr\u00e9f\u00e9rences de QuickTime -\\\u003e Types de fichiers -\\\u003e Encha\u00eenement -\n    s\u00e9quence en temps r\u00e9el -\\\u003e Descripteur de flux RTSP ;\n\nCette option, qui n\u0027est pas activ\u00e9e par d\u00e9faut, ne comble en rien la\nvuln\u00e9rabilit\u00e9 mais permet de d\u0027\u00e9viter l\u0027ouverture de lien malveillant\npar QuickTime.\n\n-   v\u00e9rifier la politique de filtrage des flux sortants. QuickTime\n    essaie de se connecter au serveur sur diff\u00e9rents ports (rtsp : 554\n    puis HTTP : 80), mais la politique de filtrage peut influencer ce\n    passage. Ainsi, si les flux sortants vers les ports 554/TCP et\n    554/UDP sont filtr\u00e9s et engendrent une absence de r\u00e9ponse dans un\n    intervalle de temps suffisant, QuickTime n\u0027effectue plus la\n    tentative de connexion en HTTP.\n-   utiliser un lecteur alternatif.\n\n## Solution\n\nMise \u00e0 jour du 07 f\u00e9vrier 2008 :\n\nApple a corrig\u00e9 cette vuln\u00e9rabilit\u00e9 dans la version 7.4.1 de QuickTime,\nmentionn\u00e9e dans l\u0027avis CERTA-2008-AVI-059.\n",
  "cves": [
    {
      "name": "CVE-2008-0234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0234"
    }
  ],
  "links": [
    {
      "title": "Avis du CERTA CERTA-2008-AVI-059 du 07 f\u00e9vrier 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-059/"
    },
    {
      "title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#112179 du 10 janvier    2008 :",
      "url": "http://www.kb.cert.org/vuls/id/112179"
    }
  ],
  "reference": "CERTA-2008-ALE-001",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-11T00:00:00.000000"
    },
    {
      "description": "pr\u00e9cisions concernant le filtrage.",
      "revision_date": "2008-01-14T00:00:00.000000"
    },
    {
      "description": "correction apport\u00e9e par Apple dans la version 7.4.1 de QuickTime.",
      "revision_date": "2008-02-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 affectant Apple QuickTime permet \u00e0 un individu\nmalveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Apple QuickTime",
  "vendor_advisories": []
}

CERTA-2008-AVI-059

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans les applications Apple QuickTime et iPhoto. L'une d'elles a d'ailleurs fait l'objet de l'alerte CERTA-2008-ALE-001 publiée le 11 janvier 2008.

Les conséquences de l'exploitation de ces vulnérabilités sont variées, permettant pour certaines d'exécuter du code arbitraire à distance sur un système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans les applications Apple QuickTime et iPhoto.

L'une d'elles, sur QuickTime, a d'ailleurs fait l'objet de l'alerte CERTA-2008-ALE-001 publiée le 11 janvier 2008. Elle concerne un dépassement de mémoire tampon lors d'une tentative infructueuse de lecture de lecture d'un fichier via le protocole Real Time Streaming Protocol (RTSP).

iPhoto, quant à lui, ne manipulerait pas correctement certaines diffusions de photos (photocast) spécialement construites.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	les versions d'Apple iPhoto antérieures à 7.1.2.
	Apple	N/A	Les versions d'Apple QuickTime antérieures à 7.4.1 ;

References

Title

Publication Time

Tags

Bulletins de sécurité Apple 307407 et 307398 du 04 février 2008	None	vendor-advisory
Bulletin de sécurité Apple 307407 du 04 février 2008 :	-	other
Bulletin de sécurité Apple 307398 du 04 février 2008 :	-	other
Document du CERTA CERTA-2008-ALE-001 du 14 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "les versions d\u0027Apple iPhoto ant\u00e9rieures \u00e0 7.1.2.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Les versions d\u0027Apple QuickTime ant\u00e9rieures \u00e0 7.4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les applications Apple\nQuickTime et iPhoto.\n\nL\u0027une d\u0027elles, sur QuickTime, a d\u0027ailleurs fait l\u0027objet de l\u0027alerte\nCERTA-2008-ALE-001 publi\u00e9e le 11 janvier 2008. Elle concerne un\nd\u00e9passement de m\u00e9moire tampon lors d\u0027une tentative infructueuse de\nlecture de lecture d\u0027un fichier via le protocole Real Time Streaming\nProtocol (RTSP).\n\niPhoto, quant \u00e0 lui, ne manipulerait pas correctement certaines\ndiffusions de photos (photocast) sp\u00e9cialement construites.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0234"
    },
    {
      "name": "CVE-2008-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0043"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307407 du 04 f\u00e9vrier 2008 :",
      "url": "http://docs.info.apple.com/article.html?artnum=307407"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307398 du 04 f\u00e9vrier 2008 :",
      "url": "http://docs.info.apple.com/article.html?artnum=307398"
    },
    {
      "title": "Document du CERTA CERTA-2008-ALE-001 du 14 janvier 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-001/index.html"
    }
  ],
  "reference": "CERTA-2008-AVI-059",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-02-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les applications Apple\nQuickTime et iPhoto. L\u0027une d\u0027elles a d\u0027ailleurs fait l\u0027objet de l\u0027alerte\nCERTA-2008-ALE-001 publi\u00e9e le 11 janvier 2008.\n\nLes cons\u00e9quences de l\u0027exploitation de ces vuln\u00e9rabilit\u00e9s sont vari\u00e9es,\npermettant pour certaines d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance sur\nun syst\u00e8me vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Apple QuickTime et iPhoto",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Apple 307407 et 307398 du 04 f\u00e9vrier 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-059

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans les applications Apple QuickTime et iPhoto. L'une d'elles a d'ailleurs fait l'objet de l'alerte CERTA-2008-ALE-001 publiée le 11 janvier 2008.

Les conséquences de l'exploitation de ces vulnérabilités sont variées, permettant pour certaines d'exécuter du code arbitraire à distance sur un système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans les applications Apple QuickTime et iPhoto.

iPhoto, quant à lui, ne manipulerait pas correctement certaines diffusions de photos (photocast) spécialement construites.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	les versions d'Apple iPhoto antérieures à 7.1.2.
	Apple	N/A	Les versions d'Apple QuickTime antérieures à 7.4.1 ;

References

Title

Publication Time

Tags

Bulletins de sécurité Apple 307407 et 307398 du 04 février 2008	None	vendor-advisory
Bulletin de sécurité Apple 307407 du 04 février 2008 :	-	other
Bulletin de sécurité Apple 307398 du 04 février 2008 :	-	other
Document du CERTA CERTA-2008-ALE-001 du 14 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "les versions d\u0027Apple iPhoto ant\u00e9rieures \u00e0 7.1.2.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Les versions d\u0027Apple QuickTime ant\u00e9rieures \u00e0 7.4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les applications Apple\nQuickTime et iPhoto.\n\nL\u0027une d\u0027elles, sur QuickTime, a d\u0027ailleurs fait l\u0027objet de l\u0027alerte\nCERTA-2008-ALE-001 publi\u00e9e le 11 janvier 2008. Elle concerne un\nd\u00e9passement de m\u00e9moire tampon lors d\u0027une tentative infructueuse de\nlecture de lecture d\u0027un fichier via le protocole Real Time Streaming\nProtocol (RTSP).\n\niPhoto, quant \u00e0 lui, ne manipulerait pas correctement certaines\ndiffusions de photos (photocast) sp\u00e9cialement construites.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0234"
    },
    {
      "name": "CVE-2008-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0043"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307407 du 04 f\u00e9vrier 2008 :",
      "url": "http://docs.info.apple.com/article.html?artnum=307407"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307398 du 04 f\u00e9vrier 2008 :",
      "url": "http://docs.info.apple.com/article.html?artnum=307398"
    },
    {
      "title": "Document du CERTA CERTA-2008-ALE-001 du 14 janvier 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-001/index.html"
    }
  ],
  "reference": "CERTA-2008-AVI-059",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-02-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les applications Apple\nQuickTime et iPhoto. L\u0027une d\u0027elles a d\u0027ailleurs fait l\u0027objet de l\u0027alerte\nCERTA-2008-ALE-001 publi\u00e9e le 11 janvier 2008.\n\nLes cons\u00e9quences de l\u0027exploitation de ces vuln\u00e9rabilit\u00e9s sont vari\u00e9es,\npermettant pour certaines d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance sur\nun syst\u00e8me vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Apple QuickTime et iPhoto",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Apple 307407 et 307398 du 04 f\u00e9vrier 2008",
      "url": null
    }
  ]
}

VAR-200801-0212

Vulnerability from variot - Updated: 2023-12-18 12:12

Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message. Winodws Plate and Mac Edition QuickTime Are affected by this vulnerability. Also, iTunes Such QuickTime Systems that have installed software that uses Microsoft are also affected by this vulnerability. In addition, verification code that exploits this vulnerability has already been published. 2008/01/16 Apple Is Quicktime 7.4 Was released, but after confirming it based on the verification code for this case, Quicktime 7.3 The same phenomenon as the access violation that occurred in was confirmed. Care must be taken until a formal measure is released on this matter.Various web page content and Quicktime Crafted by a remote third party through a media link file RTSP stream Arbitrary code execution or denial of service due to user connection to (DoS) You can be attacked. Attackers can leverage this issue to execute arbitrary machine code in the context of the user running the affected application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions. NOTE: Additional information from the reporter indicates this issue affects QuickTime running on the following platforms: Microsoft Windows XP, Windows Vista, and Apple Mac OS X. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. If the user follows the rtsp:// connection and the server's port 554 is closed, Quicktime will automatically change the transmission method and try the HTTP protocol on port 80, and the LCD type screen will display the server's 404 error message. ----------------------------------------------------------------------

Want a new job?

http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/

International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/

TITLE: Apple TV Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA31034

VERIFY ADVISORY: http://secunia.com/advisories/31034/

CRITICAL: Highly critical

IMPACT: System access

WHERE:

From remote

OPERATING SYSTEM: Apple TV 2.x http://secunia.com/product/19289/

DESCRIPTION: Some vulnerabilities have been reported in Apple TV, which can be exploited by malicious people to compromise a vulnerable system.

1) A boundary error in the handling of data reference atoms in movie files can be exploited to cause a buffer overflow.

For more information see vulnerability #3 in: SA29650

2) A boundary error in the handling of "crgn" atoms in movie files can be exploited to cause a heap-based buffer overflow.

For more information see vulnerability #5 in: SA29650

3) A boundary error in the handling of "chan" atoms in movie files can be exploited to cause a heap-based buffer overflow.

For more information see vulnerability #6 in: SA29650

4) An error in the handling of "file:" URLs can be exploited to e.g. execute arbitrary programs.

For more information: SA28423

6) A boundary error when processing compressed PICT images can be exploited to cause a buffer overflow.

For more information see vulnerability #4 in: SA28502

SOLUTION: Update to version 2.1.

PROVIDED AND/OR DISCOVERED BY: 1,6) Chris Ries of Carnegie Mellon University Computing Services. 2) Sanbin Li, reporting via ZDI. 3) An anonymous researcher, reporting via ZDI. 4) Independently discovered by: * Vinoo Thomas and Rahul Mohandas, McAfee Avert Labs * Petko D. (pdp) Petkov, GNUCITIZEN 5) Luigi Auriemma

ORIGINAL ADVISORY: http://support.apple.com/kb/HT2304

OTHER REFERENCES: SA28423: http://secunia.com/advisories/28423/

SA28502: http://secunia.com/advisories/28502/

SA29293: http://secunia.com/advisories/29293/

SA29650: http://secunia.com/advisories/29650/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. sending a specially crafted reply containing an overly-long "Reason-Phrase".

Successful exploitation may allow execution of arbitrary code, but requires that the user is e.g. tricked into opening a malicious QTL file or visiting a malicious web site.

SOLUTION: Do not browse untrusted websites, open malicious .QTL files, or follow untrusted links

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200801-0212",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.4"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.3.1.70"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "tv",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "quicktime",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "apple",
        "version": "4.0 from  7.4"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1.70"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.6"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "tv",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "quicktime player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#112179"
      },
      {
        "db": "BID",
        "id": "27225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001017"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-182"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0234"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Luigi Auriemma  aluigi@pivx.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-182"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-0234",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2008-0234",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-30359",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-0234",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#112179",
            "trust": 0.8,
            "value": "13.47"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-0234",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200801-182",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-30359",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#112179"
      },
      {
        "db": "VULHUB",
        "id": "VHN-30359"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001017"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-182"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message. Winodws Plate and Mac Edition QuickTime Are affected by this vulnerability. Also, iTunes Such QuickTime Systems that have installed software that uses Microsoft are also affected by this vulnerability. In addition, verification code that exploits this vulnerability has already been published. 2008/01/16 Apple Is Quicktime 7.4 Was released, but after confirming it based on the verification code for this case, Quicktime 7.3 The same phenomenon as the access violation that occurred in was confirmed. Care must be taken until a formal measure is released on this matter.Various web page content and Quicktime Crafted by a remote third party through a media link file RTSP stream Arbitrary code execution or denial of service due to user connection to (DoS) You can be attacked. \nAttackers can leverage this issue to execute arbitrary machine code in the context of the user running the affected application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions. \nNOTE: Additional information from the reporter indicates this issue affects QuickTime running on the following platforms: Microsoft Windows XP, Windows Vista, and Apple Mac OS X. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. If the user follows the rtsp:// connection and the server\u0027s port 554 is closed, Quicktime will automatically change the transmission method and try the HTTP protocol on port 80, and the LCD type screen will display the server\u0027s 404 error message. ----------------------------------------------------------------------\n\nWant a new job?\n\nhttp://secunia.com/secunia_security_specialist/\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\nInternational Partner Manager - Project Sales in the IT-Security\nIndustry:\nhttp://corporate.secunia.com/about_secunia/64/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple TV Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA31034\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31034/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple TV 2.x\nhttp://secunia.com/product/19289/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple TV, which can be\nexploited by malicious people to compromise a vulnerable system. \n\n1) A boundary error in the handling of data reference atoms in movie\nfiles can be exploited to cause a buffer overflow. \n\nFor more information see vulnerability #3 in:\nSA29650\n\n2) A boundary error in the handling of \"crgn\" atoms in movie files\ncan be exploited to cause a heap-based buffer overflow. \n\nFor more information see vulnerability #5 in:\nSA29650\n\n3) A boundary error in the handling of \"chan\" atoms in movie files\ncan be exploited to cause a heap-based buffer overflow. \n\nFor more information see vulnerability #6 in:\nSA29650\n\n4) An error in the handling of \"file:\" URLs can be exploited to e.g. \nexecute arbitrary programs. \n\nFor more information:\nSA28423\n\n6) A boundary error when processing compressed PICT images can be\nexploited to cause a buffer overflow. \n\nFor more information see vulnerability #4 in:\nSA28502\n\nSOLUTION:\nUpdate to version 2.1. \n\nPROVIDED AND/OR DISCOVERED BY:\n1,6) Chris Ries of Carnegie Mellon University Computing Services. \n2) Sanbin Li, reporting via ZDI. \n3) An anonymous researcher, reporting via ZDI. \n4) Independently discovered by:\n* Vinoo Thomas and Rahul Mohandas, McAfee Avert Labs\n* Petko D. (pdp) Petkov, GNUCITIZEN\n5) Luigi Auriemma\n\nORIGINAL ADVISORY:\nhttp://support.apple.com/kb/HT2304\n\nOTHER REFERENCES:\nSA28423:\nhttp://secunia.com/advisories/28423/\n\nSA28502:\nhttp://secunia.com/advisories/28502/\n\nSA29293:\nhttp://secunia.com/advisories/29293/\n\nSA29650:\nhttp://secunia.com/advisories/29650/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \nsending a specially crafted reply containing an overly-long\n\"Reason-Phrase\". \n\nSuccessful exploitation may allow execution of arbitrary code, but\nrequires that the user is e.g. tricked into opening a malicious QTL\nfile or visiting a malicious web site. \n\nSOLUTION:\nDo not browse untrusted websites, open malicious .QTL files, or\nfollow untrusted links",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0234"
      },
      {
        "db": "CERT/CC",
        "id": "VU#112179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001017"
      },
      {
        "db": "BID",
        "id": "27225"
      },
      {
        "db": "VULHUB",
        "id": "VHN-30359"
      },
      {
        "db": "PACKETSTORM",
        "id": "68131"
      },
      {
        "db": "PACKETSTORM",
        "id": "62662"
      }
    ],
    "trust": 2.88
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-30359",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30359"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#112179",
        "trust": 3.7
      },
      {
        "db": "SECUNIA",
        "id": "28423",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "27225",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0234",
        "trust": 2.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "4906",
        "trust": 2.5
      },
      {
        "db": "EXPLOIT-DB",
        "id": "4885",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1019178",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "31034",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2064",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0107",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "3537",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "39601",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001017",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-182",
        "trust": 0.7
      },
      {
        "db": "MILW0RM",
        "id": "4885",
        "trust": 0.6
      },
      {
        "db": "MILW0RM",
        "id": "4906",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20080111 RE: RE: BUFFER-OVERFLOW IN QUICKTIME PLAYER 7.3.1.70",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20080110 RE: BUFFER-OVERFLOW IN QUICKTIME PLAYER 7.3.1.70",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20080114 RE: [FULL-DISCLOSURE] BUFFER-OVERFLOW IN QUICKTIME PLAYER 7.3.1.70",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20080112 RE: BUFFER-OVERFLOW IN QUICKTIME PLAYER 7.3.1.70",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20080112 RE: RE: BUFFER-OVERFLOW IN QUICKTIME PLAYER 7.3.1.70",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20080110 BUFFER-OVERFLOW IN QUICKTIME PLAYER 7.3.1.70",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20080111 RE: BUFFER-OVERFLOW IN QUICKTIME PLAYER 7.3.1.70",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2008-07-10",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2008-02-06",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "11373",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-65116",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-30359",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "68131",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "62662",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#112179"
      },
      {
        "db": "VULHUB",
        "id": "VHN-30359"
      },
      {
        "db": "BID",
        "id": "27225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001017"
      },
      {
        "db": "PACKETSTORM",
        "id": "68131"
      },
      {
        "db": "PACKETSTORM",
        "id": "62662"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-182"
      }
    ]
  },
  "id": "VAR-200801-0212",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30359"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:12:12.743000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "QuickTime - \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/quicktime/download/"
      },
      {
        "title": "QuickTime 7.4.1",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307407-en"
      },
      {
        "title": "Apple TV 2.1",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht2304"
      },
      {
        "title": "Apple TV 2.1",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht2304?locale=ja_jp"
      },
      {
        "title": "QuickTime 7.4.1",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307407"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001017"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30359"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001017"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0234"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://www.kb.cert.org/vuls/id/112179"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/27225"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/28423/"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2008/feb/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2008//jul/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1019178"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/28423"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/31034"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/3537"
      },
      {
        "trust": 1.4,
        "url": "http://www.milw0rm.com/exploits/4885"
      },
      {
        "trust": 1.4,
        "url": "http://www.milw0rm.com/exploits/4906"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2008/0107"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/39601"
      },
      {
        "trust": 1.1,
        "url": "http://docs.info.apple.com/article.html?artnum=307407"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/486091/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/486114/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/486174/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/486161/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/486268/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/486241/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/486238/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/4885"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/4906"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/0107"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/2064/references"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601"
      },
      {
        "trust": 0.8,
        "url": "http://tools.ietf.org/html/rfc2326"
      },
      {
        "trust": 0.8,
        "url": "http://noscript.net/features#contentblocking"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/"
      },
      {
        "trust": 0.8,
        "url": "http://plugindoc.mozdev.org/faqs/uninstall.html"
      },
      {
        "trust": 0.8,
        "url": "http://support.microsoft.com/kb/240797"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0234"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23112179/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0234"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1019178"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/2008/20080207_164356.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/2064/references"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/486268/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/486241/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/486238/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/486174/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/486161/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/486114/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/486091/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/11373"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/quicktime/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/486091"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/486238"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/486186"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/486114"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/31034/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28502/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht2304"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/19289/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/29293/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/about_secunia/64/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/29650/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5090/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://aluigi.altervista.org/adv/quicktimebof-adv.txt"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#112179"
      },
      {
        "db": "VULHUB",
        "id": "VHN-30359"
      },
      {
        "db": "BID",
        "id": "27225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001017"
      },
      {
        "db": "PACKETSTORM",
        "id": "68131"
      },
      {
        "db": "PACKETSTORM",
        "id": "62662"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-182"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#112179"
      },
      {
        "db": "VULHUB",
        "id": "VHN-30359"
      },
      {
        "db": "BID",
        "id": "27225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001017"
      },
      {
        "db": "PACKETSTORM",
        "id": "68131"
      },
      {
        "db": "PACKETSTORM",
        "id": "62662"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-182"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-01-10T00:00:00",
        "db": "CERT/CC",
        "id": "VU#112179"
      },
      {
        "date": "2008-01-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30359"
      },
      {
        "date": "2008-01-10T00:00:00",
        "db": "BID",
        "id": "27225"
      },
      {
        "date": "2008-01-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001017"
      },
      {
        "date": "2008-07-11T22:41:13",
        "db": "PACKETSTORM",
        "id": "68131"
      },
      {
        "date": "2008-01-16T05:28:37",
        "db": "PACKETSTORM",
        "id": "62662"
      },
      {
        "date": "2008-01-11T02:46:00",
        "db": "NVD",
        "id": "CVE-2008-0234"
      },
      {
        "date": "2008-01-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200801-182"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-02-07T00:00:00",
        "db": "CERT/CC",
        "id": "VU#112179"
      },
      {
        "date": "2018-10-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30359"
      },
      {
        "date": "2008-07-10T19:19:00",
        "db": "BID",
        "id": "27225"
      },
      {
        "date": "2008-07-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001017"
      },
      {
        "date": "2018-10-15T21:58:45.563000",
        "db": "NVD",
        "id": "CVE-2008-0234"
      },
      {
        "date": "2009-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200801-182"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-182"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple QuickTime RTSP Response message Reason-Phrase buffer overflow vulnerability",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#112179"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-182"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0234 (GCVE-0-2008-0234)

Description

Contournement provisoire

Solution

Description

Contournement provisoire

Solution

Description

Solution

Description

Solution

Tags

Sightings

Nomenclature