cve-2008-2010
Vulnerability from cvelistv5
Published
2008-04-29 23:00
Modified
2024-08-07 08:41
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:41:00.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "quicktime-unspecifiedremote-code-execution(42098)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42098"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/"
},
{
"name": "1019950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019950"
},
{
"name": "28959",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "quicktime-unspecifiedremote-code-execution(42098)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42098"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/"
},
{
"name": "1019950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019950"
},
{
"name": "28959",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28959"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "quicktime-unspecifiedremote-code-execution(42098)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42098"
},
{
"name": "http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/"
},
{
"name": "1019950",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019950"
},
{
"name": "28959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28959"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2010",
"datePublished": "2008-04-29T23:00:00",
"dateReserved": "2008-04-29T00:00:00",
"dateUpdated": "2024-08-07T08:41:00.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A04E39A-623E-45CA-A5FC-25DAA0F275A3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B339C33-8896-4896-88FF-88E74FDBC543\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA5969D4-3D98-490E-89B6-FF7765E78C40\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en Apple QuickTime Player de Windows XP SP2 y Vista SP1 permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de un fichero media QuickTime manipulado.\\r\\nNOTA: a fecha 29/04/2008, la \\u00fanica revelaci\\u00f3n es un vago preaviso sin informaci\\u00f3n de uso inmediato. Sin embargo, dado que proviene de un investigador reputado, se le ha asignado un identificador CVE con prop\\u00f3sito de seguimiento.\\r\\n\\r\\n\"}]",
"id": "CVE-2008-2010",
"lastModified": "2024-11-21T00:45:52.787",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2008-04-30T00:10:00.000",
"references": "[{\"url\": \"http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/28959\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019950\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42098\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/28959\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019950\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42098\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2008-2010\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-04-30T00:10:00.000\",\"lastModified\":\"2024-11-21T00:45:52.787\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en Apple QuickTime Player de Windows XP SP2 y Vista SP1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero media QuickTime manipulado.\\r\\nNOTA: a fecha 29/04/2008, la \u00fanica revelaci\u00f3n es un vago preaviso sin informaci\u00f3n de uso inmediato. Sin embargo, dado que proviene de un investigador reputado, se le ha asignado un identificador CVE con prop\u00f3sito de seguimiento.\\r\\n\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A04E39A-623E-45CA-A5FC-25DAA0F275A3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA5969D4-3D98-490E-89B6-FF7765E78C40\"}]}]}],\"references\":[{\"url\":\"http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28959\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019950\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42098\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28959\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019950\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42098\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.