Buffer Overflow In Apple Quicktime Player Network Vulnerability

Summary

The remote host is probable affected by the vulnerabilitys described in CVE-2008-0234 CVE-2008-2010 Impact Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message. Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Solution

All Users should upgrade to the latest version.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2010
http://lists.apple.com/archives/Security-announce/2008/Jun/msg00000.html
http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2010
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Cyrus IMAP Server 'split_wildmats()' Remote Buffer Overflow Vulnerability
Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Mac OS X)
Advantech Studio Multiple Buffer Overflow Vulnerabilities
DesignWorks Professional '.cct' File BOF Vulnerability
avast! Multiple Vulnerabilities - Oct09 (Win)

Take action and discover your vulnerabilities