Executive Summary
Summary | |
---|---|
Title | Win32 binary codecs: Multiple vulnerabilities |
Information | |||
---|---|---|---|
Name | GLSA-200803-08 | First vendor Publication | 2008-03-04 |
Vendor | Gentoo | Last vendor Modification | 2008-03-04 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Synopsis
Multiple vulnerabilities in the Win32 codecs for Linux may result in the remote execution of arbitrary code.
Background
Description
Impact
Workaround
Resolution
Note: Since no updated binary versions have been released, the Quicktime libraries have been removed from the package. Please use the free alternative Quicktime implementations within VLC, MPlayer or Xine for playback.
References
Availability
http://security.gentoo.org/glsa/glsa-200803-08.xml
Original Source
Url : http://security.gentoo.org/glsa/glsa-200803-08.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
QuickTime RTSP Content-Type header buffer overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-08 (win32codecs) File : nvt/glsa_200803_08.nasl |
2008-09-04 | Name : FreeBSD Ports: win32-codecs File : nvt/freebsd_win32-codecs.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
43716 | Apple QuickTime Crafted Movie Atom Remote Overflow |
40876 | Apple QuickTime RTSP Content-Type Header Processing Overflow: A buffer overflow exists in QuickTime. QuickTime fails to validate RTSP stream Content-Type headers, resulting in a stack overflow. With a specially crafted RTSP stream, a context-dependent attacker can cause arbitrary code execution, resulting in a loss of integrity. |
28773 | Apple QuickTime H.264 Movie Handling Overflow: A local overflow exists in QuickTime. The program fails to validate H.264 movie files, resulting in an integer or buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution, resulting in a loss of integrity. |
28772 | Apple QuickTime QT Movie Multiple Overflow: A local overflow exists in QuickTime. The program fails to validate QuickTime files, resulting in a buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution, resulting in a loss of integrity. |
28771 | Apple QuickTime FLC Movie COLOR_64 Chunk Overflow: A local overflow exists in QuickTime. The program fails to validate FLC files, resulting in a heap buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution, resulting in a loss of integrity. |
28770 | Apple QuickTime FlashPix (FPX) File Processing Overflow: A local overflow exists in QuickTime. The program fails to validate FlashPix files, resulting in a buffer or integer overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity. |
28769 | Apple QuickTime FlashPix (FPX) File Arbitrary Code Execution: QuickTime contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when an attacker is able to use a specially crafted FlashPix file to trigger an exception, leaving an uninitialized object. It is possible that the flaw may allow arbitrary code execution, resulting in a loss of integrity. |
28768 | Apple QuickTime SGI Image Processing Overflow: A local overflow exists in QuickTime. The program fails to validate SGI files, resulting in a buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution, resulting in a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Apple QuickTime FLIC animation file buffer overflow attempt RuleID : 16041 - Revision : 13 - Type : FILE-MULTIMEDIA |
2014-01-10 | 3ivx MP4 file parsing cpy buffer overflow attempt RuleID : 13320 - Revision : 18 - Type : FILE-MULTIMEDIA |
2014-01-10 | 3ivx MP4 file parsing des buffer overflow attempt RuleID : 13319 - Revision : 18 - Type : FILE-MULTIMEDIA |
2014-01-10 | 3ivx MP4 file parsing cmt buffer overflow attempt RuleID : 13318 - Revision : 18 - Type : FILE-MULTIMEDIA |
2014-01-10 | 3ivx MP4 file parsing nam buffer overflow attempt RuleID : 13317 - Revision : 21 - Type : FILE-MULTIMEDIA |
2014-01-10 | 3ivx MP4 file parsing ART buffer overflow attempt RuleID : 13316 - Revision : 18 - Type : FILE-MULTIMEDIA |
2014-01-10 | Apple Quicktime UDP RTSP sdp type buffer overflow attempt RuleID : 12742 - Revision : 11 - Type : SERVER-OTHER |
2014-01-10 | Apple Quicktime TCP RTSP sdp type buffer overflow attempt RuleID : 12741 - Revision : 16 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-03-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200803-08.nasl - Type : ACT_GATHER_INFO |
2007-12-14 | Name : The remote Mac OS X host contains an application that is affected by multiple... File : macosx_Quicktime731.nasl - Type : ACT_GATHER_INFO |
2007-12-14 | Name : The remote Windows host contains an application that is affected by multiple ... File : quicktime_731.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Mac OS X host contains an application that is affected by multiple... File : macosx_Quicktime73.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Windows host contains an application that is affected by multiple ... File : quicktime_73.nasl - Type : ACT_GATHER_INFO |
2006-10-20 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_24f6b1eb43d511db81e1000e0c2e438a.nasl - Type : ACT_GATHER_INFO |
2006-09-13 | Name : The remote version of QuickTime is affected by multiple overflow vulnerabilit... File : macosx_Quicktime713.nasl - Type : ACT_GATHER_INFO |
2006-09-13 | Name : The remote version of QuickTime is affected by multiple overflow vulnerabilit... File : quicktime_713.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:35:37 | |