Vulnerability Name:

CVE-2008-0033 (CCN-39697)

Assigned:2008-01-15
Published:2008-01-15
Updated:2018-10-15
Summary:Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-399
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-0033

Source: CCN
Type: Apple Web site
About the security content of QuickTime 7.4

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=307301

Source: CCN
Type: TPTI-08-01
Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability

Source: MISC
Type: UNKNOWN
http://dvlabs.tippingpoint.com/advisory/TPTI-08-01

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-01-15

Source: CCN
Type: SA28502
Apple QuickTime Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
28502

Source: CCN
Type: SECTRACK ID: 1019221
QuickTime Movie and PICT File Processing Bugs Let Remote Users Execute Arbitrary Code

Source: CCN
Type: Apple QuickTime Web site
Apple - QuickTime

Source: CCN
Type: OSVDB ID: 40897
Apple QuickTime Movie File Malformed Image Descriptor (IDSC) Memory Corruption Arbitrary Code Execution

Source: BUGTRAQ
Type: UNKNOWN
20080115 TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability

Source: BID
Type: UNKNOWN
27299

Source: CCN
Type: BID-27299
Apple QuickTime Image Descriptor (IDSC) Atom Remote Memory Corruption Vulnerability

Source: SECTRACK
Type: UNKNOWN
1019221

Source: CERT
Type: US Government Resource
TA08-016A

Source: VUPEN
Type: Vendor Advisory
ADV-2008-0148

Source: XF
Type: UNKNOWN
quicktime-idsc-code-execution(39697)

Source: XF
Type: UNKNOWN
quicktime-idsc-code-execution(39697)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apple:quicktime:*:*:*:*:*:*:*:* (Version <= 7.3.1.70)

    • Configuration CCN 1:
  • cpe:/a:apple:quicktime:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    apple quicktime *
    apple quicktime 7.0.1
    apple quicktime 7.0.3
    apple quicktime 7.1.3
    apple quicktime 7.2
    apple quicktime 7.3
    apple quicktime 7.0
    apple quicktime 7.0.2
    apple quicktime 7.0.4
    apple quicktime 7.1
    apple quicktime 7.1.1
    apple quicktime 7.1.2
    apple quicktime 7.1.4
    apple quicktime 7.1.5
    apple quicktime 7.1.6
    apple quicktime 7.3.1
    apple quicktime 7.3.1.70
    microsoft windows xp sp2
    apple mac os x 10.3.9
    microsoft windows vista *
    apple mac os x 10.4.9
    apple mac os x 10.5