Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2008-3627 | First vendor Publication | 2008-09-10 |
| Vendor | Cve | Last vendor Modification | 2018-10-11 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3627 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:16164 | |||
| Oval ID: | oval:org.mitre.oval:def:16164 | ||
| Title: | Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file | ||
| Description: | Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-3627 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Apple QuickTime |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-25 | Name : Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities File : nvt/secpod_apple_quicktime_mult_vuln_900121.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 48040 | Apple QuickTime Unspecified Component AVC1 atom Handling Arbitrary Code Execu... |
| 48039 | Apple QuickTime QuickTimeH264.scalar MOV Video MDAT atom Handling Arbitrary C... |
| 48038 | Apple QuickTime QuickTimeH264.qtx MP4 Video MDAT atom Handling Arbitrary Code... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2008-09-10 | Name : The remote Mac OS X host contains an application that is affected by multiple... File : macosx_Quicktime755.nasl - Type : ACT_GATHER_INFO |
| 2008-09-10 | Name : The remote Windows host contains an application that is affected by multiple ... File : quicktime_755.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:07:54 |
|
| 2021-04-22 01:08:16 |
|
| 2020-05-23 01:39:49 |
|
| 2020-05-23 00:22:06 |
|
| 2018-10-12 00:20:26 |
|
| 2017-11-22 21:22:37 |
|
| 2017-11-22 12:02:41 |
|
| 2017-09-29 09:23:40 |
|
| 2016-09-30 01:01:47 |
|
| 2016-06-28 17:16:58 |
|
| 2016-04-26 17:44:09 |
|
| 2014-02-17 10:46:04 |
|
| 2013-11-04 21:20:37 |
|
| 2013-05-11 00:23:30 |
|
