var-200809-0188
Vulnerability from variot
Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. These issues arise when the application handles specially crafted PICT image files, movies, and QTVR movies. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user and to trigger a denial-of-service condition. Versions prior to QuickTime 7.5.5 are affected. NOTE: Two issues that were previously covered in this BID were given their own records to better document the details: - CVE-2008-3626 was moved to BID 31546 ('Apple QuickTime 'STSZ' Atoms Memory Corruption Vulnerability') - CVE-2008-3629 was moved to BID 31548 ('Apple QuickTime PICT Denial of Service Vulnerability'). Apple QuickTime is a very popular multimedia player. iDefense Security Advisory 09.09.08 http://labs.idefense.com/intelligence/vulnerabilities/ Sep 09, 2008
I. BACKGROUND
Quicktime is Apple's media player product, and is used to render video and other media. The PICT file format was developed by Apple Inc. in 1984. PICT files can contain both object oriented images and bitmaps. For more information visit the vendor's web site at the following URL.
http://www.apple.com/quicktime/
II. This issue results in heap corruption which can lead to arbitrary code execution.
III. ANALYSIS
Exploitation of this issue results in arbitrary code execution in the security context of the current user. An attacker would need to host a web page containing a malformed PICT file. Upon visiting the malicious web page exploitation would occur. Alternatively a malicious PICT file could be attached to an e-mail.
IV. Older versions are also suspected to be vulnerable.
V. WORKAROUND
iDefense recommends disabling the QuickTime Plug-in and altering the .pic and .pict file type associations within the registry. Disabling the plug-in will prevent web browsers from utilizing QuickTime Player to view associated media files. Removing the file type associations within the registry will prevent QuickTime Player and Picture Viewer from opening .pic and .pict files.
VI. VENDOR RESPONSE
Apple has released QuickTime 7.5.5 which resolves this issue. More information is available via Apple's QuickTime Security Update page at the URL shown below.
http://support.apple.com/kb/HT3027
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3614 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
05/13/2008 Initial vendor notification 05/22/2008 Initial vendor response 09/09/2008 Coordinated public disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2008 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID: SA15884
VERIFY ADVISORY: http://secunia.com/advisories/15884/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/
DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system.
For more information: SA15852
SOLUTION: Update to version 2.0.5. http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200809-0188", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "quicktime", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "7.1.1" }, { "model": "quicktime", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "7.3.1" }, { "model": "quicktime", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "7.3.1.70" }, { "model": "quicktime", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "7.1.2" }, { "model": "quicktime", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "7.1.6" }, { "model": "quicktime", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "7.1.4" }, { "model": "quicktime", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "7.4.5" }, { "model": "quicktime", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "7.1.5" }, { "model": "quicktime", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "7.1.3" }, { "model": "quicktime", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "7.4.1" }, { "model": "quicktime", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.3" }, { "model": "quicktime", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.0.4" }, { "model": "quicktime", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.2" }, { "model": "quicktime", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "7.5" }, { "model": "quicktime", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.0" }, { "model": "quicktime", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.1" }, { "model": "quicktime", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.0.2" }, { "model": "quicktime", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.0.3" }, { "model": "quicktime", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.0.1" }, { "model": "quicktime", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.4" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "drupal", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandriva", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "pear xml rpc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "phpxmlrpc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "postnuke", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "serendipity", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "trustix secure linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "wordpress", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "xoops", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "phpmyfaq", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.4.11" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5 to v10.5.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.4.11" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5 to v10.5.4" }, { "model": "quicktime", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "7.5.5" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.9" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.9" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.10" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.2" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.4.1" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.10" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.2" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.3.1.70" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.4" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.3.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.4" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.4.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.11" }, { "model": "quicktime player", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "7.5.5" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.1" } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "BID", "id": "31086" }, { "db": "JVNDB", "id": "JVNDB-2008-001684" }, { "db": "CNNVD", "id": "CNNVD-200809-117" }, { "db": "NVD", "id": "CVE-2008-3614" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2008-3614" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sergio AlvarezDavid WhartonRoee HayZDI\u203bhttp://www.zerodayinitiative.com/", "sources": [ { "db": "CNNVD", "id": "CNNVD-200809-117" } ], "trust": 0.6 }, "cve": "CVE-2008-3614", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2008-3614", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-33739", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2008-3614", "trust": 1.8, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#442845", "trust": 0.8, "value": "20.75" }, { "author": "CNNVD", "id": "CNNVD-200809-117", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-33739", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULHUB", "id": "VHN-33739" }, { "db": "JVNDB", "id": "JVNDB-2008-001684" }, { "db": "CNNVD", "id": "CNNVD-200809-117" }, { "db": "NVD", "id": "CVE-2008-3614" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. \nThese issues arise when the application handles specially crafted PICT image files, movies, and QTVR movies. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user and to trigger a denial-of-service condition. \nVersions prior to QuickTime 7.5.5 are affected. \nNOTE: Two issues that were previously covered in this BID were given their own records to better document the details:\n- CVE-2008-3626 was moved to BID 31546 (\u0027Apple QuickTime \u0027STSZ\u0027 Atoms Memory Corruption Vulnerability\u0027)\n- CVE-2008-3629 was moved to BID 31548 (\u0027Apple QuickTime PICT Denial of Service Vulnerability\u0027). Apple QuickTime is a very popular multimedia player. iDefense Security Advisory 09.09.08\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nSep 09, 2008\n\nI. BACKGROUND\n\nQuicktime is Apple\u0027s media player product, and is used to render video\nand other media. The PICT file format was developed by Apple Inc. in\n1984. PICT files can contain both object oriented images and bitmaps. \nFor more information visit the vendor\u0027s web site at the following URL. \n\nhttp://www.apple.com/quicktime/\n\nII. This issue results in heap corruption\nwhich can lead to arbitrary code execution. \n\nIII. ANALYSIS\n\nExploitation of this issue results in arbitrary code execution in the\nsecurity context of the current user. An attacker would need to host a\nweb page containing a malformed PICT file. Upon visiting the malicious\nweb page exploitation would occur. Alternatively a malicious PICT file\ncould be attached to an e-mail. \n\nIV. Older versions are also suspected to be\nvulnerable. \n\nV. WORKAROUND\n\niDefense recommends disabling the QuickTime Plug-in and altering the\n.pic and .pict file type associations within the registry. Disabling\nthe plug-in will prevent web browsers from utilizing QuickTime Player\nto view associated media files. Removing the file type associations\nwithin the registry will prevent QuickTime Player and Picture Viewer\nfrom opening .pic and .pict files. \n\nVI. VENDOR RESPONSE\n\nApple has released QuickTime 7.5.5 which resolves this issue. More\ninformation is available via Apple\u0027s QuickTime Security Update page at\nthe URL shown below. \n\nhttp://support.apple.com/kb/HT3027\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2008-3614 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n05/13/2008 Initial vendor notification\n05/22/2008 Initial vendor response\n09/09/2008 Coordinated public disclosure\n\nIX. CREDIT\n\nThe discoverer of this vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2008 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nphpPgAds XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15884\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15884/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nphpPgAds 2.x\nhttp://secunia.com/product/4577/\n\nDESCRIPTION:\nA vulnerability has been reported in phpPgAds, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nFor more information:\nSA15852\n\nSOLUTION:\nUpdate to version 2.0.5. \nhttp://sourceforge.net/project/showfiles.php?group_id=36679\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor", "sources": [ { "db": "NVD", "id": "CVE-2008-3614" }, { "db": "CERT/CC", "id": "VU#442845" }, { "db": "JVNDB", "id": "JVNDB-2008-001684" }, { "db": "BID", "id": "31086" }, { "db": "VULHUB", "id": "VHN-33739" }, { "db": "PACKETSTORM", "id": "69815" }, { "db": "PACKETSTORM", "id": "38390" } ], "trust": 2.88 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-33739", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-33739" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2008-3614", "trust": 2.9 }, { "db": "BID", "id": "31086", "trust": 2.8 }, { "db": "SECUNIA", "id": "31821", "trust": 2.5 }, { "db": "SECUNIA", "id": "31882", "trust": 2.5 }, { "db": "SECTRACK", "id": "1020841", "trust": 2.5 }, { "db": "VUPEN", "id": "ADV-2008-2584", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-2527", "trust": 1.7 }, { "db": "SECTRACK", "id": "1020879", "trust": 1.7 }, { "db": "USCERT", "id": "TA08-260A", "trust": 1.7 }, { "db": "SECUNIA", "id": "15884", "trust": 0.9 }, { "db": "SECUNIA", "id": "15810", "trust": 0.8 }, { "db": "SECUNIA", "id": "15922", "trust": 0.8 }, { "db": "SECUNIA", "id": "15852", "trust": 0.8 }, { "db": "SECUNIA", "id": "15855", "trust": 0.8 }, { "db": "SECUNIA", "id": "15861", "trust": 0.8 }, { "db": "SECUNIA", "id": "15862", "trust": 0.8 }, { "db": "SECUNIA", "id": "15872", "trust": 0.8 }, { "db": "SECUNIA", "id": "15883", "trust": 0.8 }, { "db": "SECUNIA", "id": "15895", "trust": 0.8 }, { "db": "BID", "id": "14088", "trust": 0.8 }, { "db": "SECTRACK", "id": "1014327", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#442845", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2008-001684", "trust": 0.8 }, { "db": "IDEFENSE", "id": "20080909 APPLE QUICKTIME PICT INTEGER OVERFLOW VULNERABILITY", "trust": 0.6 }, { "db": "CERT/CC", "id": "TA08-260A", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2008-09-15", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2008-09-09", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200809-117", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-08-062", "trust": 0.3 }, { "db": "ZDI", "id": "ZDI-08-060", "trust": 0.3 }, { "db": "ZDI", "id": "ZDI-08-057", "trust": 0.3 }, { "db": "ZDI", "id": "ZDI-08-058", "trust": 0.3 }, { "db": "ZDI", "id": "ZDI-08-061", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "69815", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-33739", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "38390", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULHUB", "id": "VHN-33739" }, { "db": "BID", "id": "31086" }, { "db": "JVNDB", "id": "JVNDB-2008-001684" }, { "db": "PACKETSTORM", "id": "69815" }, { "db": "PACKETSTORM", "id": "38390" }, { "db": "CNNVD", "id": "CNNVD-200809-117" }, { "db": "NVD", "id": "CVE-2008-3614" } ] }, "id": "VAR-200809-0188", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-33739" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:40:25.118000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Security Update 2008-006", "trust": 0.8, "url": "http://support.apple.com/kb/ht3137" }, { "title": "QuickTime 7.5.5", "trust": 0.8, "url": "http://support.apple.com/kb/ht3027" }, { "title": "QuickTime 7.5.5", "trust": 0.8, "url": "http://support.apple.com/kb/ht3027?viewlocale=ja_jp" }, { "title": "Security Update 2008-006", "trust": 0.8, "url": "http://support.apple.com/kb/ht3137?viewlocale=ja_jp" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001684" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-189", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-33739" }, { "db": "JVNDB", "id": "JVNDB-2008-001684" }, { "db": "NVD", "id": "CVE-2008-3614" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/31086" }, { "trust": 2.5, "url": "http://securitytracker.com/id?1020841" }, { "trust": 2.5, "url": "http://secunia.com/advisories/31821" }, { "trust": 2.5, "url": "http://secunia.com/advisories/31882" }, { "trust": 2.0, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=744" }, { "trust": 1.8, "url": "http://support.apple.com/kb/ht3027" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce//2008/sep/msg00000.html" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce//2008/sep/msg00005.html" }, { "trust": 1.7, "url": "http://www.us-cert.gov/cas/techalerts/ta08-260a.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht3137" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1020879" }, { "trust": 1.4, "url": "http://www.frsirt.com/english/advisories/2008/2584" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15851" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2008/2527" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2008/2584" }, { "trust": 0.9, "url": "http://secunia.com/advisories/15884/" }, { "trust": 0.9, "url": "http://secunia.com/advisories/15852/" }, { "trust": 0.8, "url": "http://www.hardened-php.net/advisory-022005.php" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15861/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15862/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15895/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15883/" }, { "trust": 0.8, "url": "http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15855/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15810/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15872/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15922/" }, { "trust": 0.8, "url": "http://securitytracker.com/alerts/2005/jun/1014327.html" }, { "trust": 0.8, "url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005" }, { "trust": 0.8, "url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/14088" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3614" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3614" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2008/2527" }, { "trust": 0.4, "url": "http://www.apple.com/quicktime/" }, { "trust": 0.3, "url": "http://www.ngssoftware.com/advisories/critical-vulnerability-in-apple-quicktimes-indeo-codec/" }, { "trust": 0.3, "url": "http://blog.watchfire.com/wfblog/2008/09/quicktime-patch.html" }, { "trust": 0.3, "url": "/archive/1/496358" }, { "trust": 0.3, "url": "/archive/1/496180" }, { "trust": 0.3, "url": "/archive/1/496161" }, { "trust": 0.3, "url": "/archive/1/496163" }, { "trust": 0.3, "url": "/archive/1/496175" }, { "trust": 0.3, "url": "/archive/1/496176" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-08-060/" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-08-057/" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-08-062/" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-08-058/" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-08-061/" }, { "trust": 0.1, "url": "http://cve.mitre.org/)," }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/" }, { "trust": 0.1, "url": "http://labs.idefense.com/methodology/vulnerability/vcp.php" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3614" }, { "trust": 0.1, "url": "http://labs.idefense.com/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/4577/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_vacancies/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://sourceforge.net/project/showfiles.php?group_id=36679" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULHUB", "id": "VHN-33739" }, { "db": "BID", "id": "31086" }, { "db": "JVNDB", "id": "JVNDB-2008-001684" }, { "db": "PACKETSTORM", "id": "69815" }, { "db": "PACKETSTORM", "id": "38390" }, { "db": "CNNVD", "id": "CNNVD-200809-117" }, { "db": "NVD", "id": "CVE-2008-3614" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULHUB", "id": "VHN-33739" }, { "db": "BID", "id": "31086" }, { "db": "JVNDB", "id": "JVNDB-2008-001684" }, { "db": "PACKETSTORM", "id": "69815" }, { "db": "PACKETSTORM", "id": "38390" }, { "db": "CNNVD", "id": "CNNVD-200809-117" }, { "db": "NVD", "id": "CVE-2008-3614" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-07-06T00:00:00", "db": "CERT/CC", "id": "VU#442845" }, { "date": "2008-09-11T00:00:00", "db": "VULHUB", "id": "VHN-33739" }, { "date": "2008-09-09T00:00:00", "db": "BID", "id": "31086" }, { "date": "2008-09-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001684" }, { "date": "2008-09-10T08:57:38", "db": "PACKETSTORM", "id": "69815" }, { "date": "2005-07-01T23:31:00", "db": "PACKETSTORM", "id": "38390" }, { "date": "2008-09-11T00:00:00", "db": "CNNVD", "id": "CNNVD-200809-117" }, { "date": "2008-09-11T01:13:09.243000", "db": "NVD", "id": "CVE-2008-3614" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-03-09T00:00:00", "db": "CERT/CC", "id": "VU#442845" }, { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-33739" }, { "date": "2008-10-03T16:28:00", "db": "BID", "id": "31086" }, { "date": "2008-09-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001684" }, { "date": "2008-11-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200809-117" }, { "date": "2018-10-30T16:25:38.340000", "db": "NVD", "id": "CVE-2008-3614" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "69815" }, { "db": "CNNVD", "id": "CNNVD-200809-117" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple PHP XML-RPC implementations vulnerable to code injection", "sources": [ { "db": "CERT/CC", "id": "VU#442845" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "digital error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200809-117" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.