cve-2008-2010
Vulnerability from cvelistv5
Published
2008-04-29 23:00
Modified
2024-08-07 08:41
Severity ?
Summary
Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
References
cve@mitre.orghttp://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/
cve@mitre.orghttp://www.securityfocus.com/bid/28959
cve@mitre.orghttp://www.securitytracker.com/id?1019950
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/42098
af854a3a-2127-422b-91ae-364da2661108http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/28959
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019950
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/42098
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T08:41:00.254Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "quicktime-unspecifiedremote-code-execution(42098)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42098",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/",
               },
               {
                  name: "1019950",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1019950",
               },
               {
                  name: "28959",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/28959",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-04-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file.  NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "quicktime-unspecifiedremote-code-execution(42098)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42098",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/",
            },
            {
               name: "1019950",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1019950",
            },
            {
               name: "28959",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/28959",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2008-2010",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file.  NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "quicktime-unspecifiedremote-code-execution(42098)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42098",
                  },
                  {
                     name: "http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/",
                     refsource: "MISC",
                     url: "http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/",
                  },
                  {
                     name: "1019950",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1019950",
                  },
                  {
                     name: "28959",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/28959",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2008-2010",
      datePublished: "2008-04-29T23:00:00",
      dateReserved: "2008-04-29T00:00:00",
      dateUpdated: "2024-08-07T08:41:00.254Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A04E39A-623E-45CA-A5FC-25DAA0F275A3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B339C33-8896-4896-88FF-88E74FDBC543\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA5969D4-3D98-490E-89B6-FF7765E78C40\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file.  NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en Apple QuickTime Player de Windows XP SP2 y Vista SP1 permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de un fichero media QuickTime manipulado.\\r\\nNOTA: a fecha 29/04/2008, la \\u00fanica revelaci\\u00f3n es un vago preaviso sin informaci\\u00f3n de uso inmediato. Sin embargo, dado que proviene de un investigador reputado, se le ha asignado un identificador CVE con prop\\u00f3sito de seguimiento.\\r\\n\\r\\n\"}]",
         id: "CVE-2008-2010",
         lastModified: "2024-11-21T00:45:52.787",
         metrics: "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
         published: "2008-04-30T00:10:00.000",
         references: "[{\"url\": \"http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/28959\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019950\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42098\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/28959\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019950\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42098\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
         sourceIdentifier: "cve@mitre.org",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2008-2010\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-04-30T00:10:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file.  NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en Apple QuickTime Player de Windows XP SP2 y Vista SP1 permite a atacantes remotos ejecutar código de su elección a través de un fichero media QuickTime manipulado.\\r\\nNOTA: a fecha 29/04/2008, la única revelación es un vago preaviso sin información de uso inmediato. Sin embargo, dado que proviene de un investigador reputado, se le ha asignado un identificador CVE con propósito de seguimiento.\\r\\n\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A04E39A-623E-45CA-A5FC-25DAA0F275A3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA5969D4-3D98-490E-89B6-FF7765E78C40\"}]}]}],\"references\":[{\"url\":\"http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28959\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019950\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42098\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28959\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019950\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42098\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.