Vulnerability-Lookup

CVE-2008-0234 (GCVE-0-2008-0234)

Vulnerability from cvelistv5 – Published: 2008-01-11 02:00 – Updated: 2024-08-07 07:39

Summary

Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.exploit-db.com/exploits/4885	exploitx_refsource_EXPLOIT-DB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/486161/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/486091/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2008/2064…	vdb-entryx_refsource_VUPEN
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	https://www.exploit-db.com/exploits/4906	exploitx_refsource_EXPLOIT-DB
	http://secunia.com/advisories/31034	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/486268/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/486174/100…	mailing-listx_refsource_BUGTRAQ
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.securityfocus.com/archive/1/486114/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/27225	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/112179	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/archive/1/486241/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/486238/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2008/0107	vdb-entryx_refsource_VUPEN
	http://securityreason.com/securityalert/3537	third-party-advisoryx_refsource_SREASON
	http://www.securitytracker.com/id?1019178	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/28423	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:39:34.185Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "4885",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/4885"
          },
          {
            "name": "quicktime-rtsp-responses-bo(39601)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601"
          },
          {
            "name": "20080111 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486161/100/0/threaded"
          },
          {
            "name": "20080110 Buffer-overflow in Quicktime Player 7.3.1.70",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486091/100/0/threaded"
          },
          {
            "name": "ADV-2008-2064",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2064/references"
          },
          {
            "name": "APPLE-SA-2008-02-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html"
          },
          {
            "name": "4906",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/4906"
          },
          {
            "name": "31034",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31034"
          },
          {
            "name": "20080112 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486268/100/0/threaded"
          },
          {
            "name": "20080111 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486174/100/0/threaded"
          },
          {
            "name": "APPLE-SA-2008-07-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html"
          },
          {
            "name": "20080110 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486114/100/0/threaded"
          },
          {
            "name": "27225",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27225"
          },
          {
            "name": "VU#112179",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/112179"
          },
          {
            "name": "20080112 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486241/100/0/threaded"
          },
          {
            "name": "20080114 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486238/100/0/threaded"
          },
          {
            "name": "ADV-2008-0107",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0107"
          },
          {
            "name": "3537",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3537"
          },
          {
            "name": "1019178",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019178"
          },
          {
            "name": "28423",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28423"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "4885",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/4885"
        },
        {
          "name": "quicktime-rtsp-responses-bo(39601)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601"
        },
        {
          "name": "20080111 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486161/100/0/threaded"
        },
        {
          "name": "20080110 Buffer-overflow in Quicktime Player 7.3.1.70",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486091/100/0/threaded"
        },
        {
          "name": "ADV-2008-2064",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2064/references"
        },
        {
          "name": "APPLE-SA-2008-02-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html"
        },
        {
          "name": "4906",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/4906"
        },
        {
          "name": "31034",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31034"
        },
        {
          "name": "20080112 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486268/100/0/threaded"
        },
        {
          "name": "20080111 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486174/100/0/threaded"
        },
        {
          "name": "APPLE-SA-2008-07-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html"
        },
        {
          "name": "20080110 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486114/100/0/threaded"
        },
        {
          "name": "27225",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27225"
        },
        {
          "name": "VU#112179",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/112179"
        },
        {
          "name": "20080112 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486241/100/0/threaded"
        },
        {
          "name": "20080114 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486238/100/0/threaded"
        },
        {
          "name": "ADV-2008-0107",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0107"
        },
        {
          "name": "3537",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3537"
        },
        {
          "name": "1019178",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019178"
        },
        {
          "name": "28423",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28423"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0234",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "4885",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/4885"
            },
            {
              "name": "quicktime-rtsp-responses-bo(39601)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601"
            },
            {
              "name": "20080111 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486161/100/0/threaded"
            },
            {
              "name": "20080110 Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486091/100/0/threaded"
            },
            {
              "name": "ADV-2008-2064",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2064/references"
            },
            {
              "name": "APPLE-SA-2008-02-06",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html"
            },
            {
              "name": "4906",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/4906"
            },
            {
              "name": "31034",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31034"
            },
            {
              "name": "20080112 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486268/100/0/threaded"
            },
            {
              "name": "20080111 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486174/100/0/threaded"
            },
            {
              "name": "APPLE-SA-2008-07-10",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html"
            },
            {
              "name": "20080110 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486114/100/0/threaded"
            },
            {
              "name": "27225",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27225"
            },
            {
              "name": "VU#112179",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/112179"
            },
            {
              "name": "20080112 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486241/100/0/threaded"
            },
            {
              "name": "20080114 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486238/100/0/threaded"
            },
            {
              "name": "ADV-2008-0107",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0107"
            },
            {
              "name": "3537",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3537"
            },
            {
              "name": "1019178",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019178"
            },
            {
              "name": "28423",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28423"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0234",
    "datePublished": "2008-01-11T02:00:00.000Z",
    "dateReserved": "2008-01-10T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:39:34.185Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2008-0234

Vulnerability from fkie_nvd - Published: 2008-01-11 02:46 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html	Patch, Vendor Advisory
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html
cve@mitre.org	http://secunia.com/advisories/28423	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/31034	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/3537	Exploit
cve@mitre.org	http://www.kb.cert.org/vuls/id/112179	US Government Resource
cve@mitre.org	http://www.securityfocus.com/archive/1/486091/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/486114/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/486161/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/486174/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/486238/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/486241/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/486268/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/27225	Exploit
cve@mitre.org	http://www.securitytracker.com/id?1019178
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0107	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2064/references	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39601
cve@mitre.org	https://www.exploit-db.com/exploits/4885
cve@mitre.org	https://www.exploit-db.com/exploits/4906
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28423	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31034	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3537	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/112179	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486091/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486114/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486161/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486174/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486238/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486241/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486268/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27225	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019178
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0107	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2064/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39601
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/4885
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/4906

Impacted products

	Vendor	Product	Version
	apple	quicktime	7.3.1.70
	apple	quicktime	7.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9F7DCE-EE65-4CD5-AA21-208B2AAF09EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "31662D02-7FA9-4FAD-BE49-194B7295CEE1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en Apple Quicktime Player versi\u00f3n 7.3.1.70 y otras versiones anteriores a 7.4.1, cuando el tunelado de RTSP est\u00e1 habilitado, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una respuesta Reason-Phrase larga a una petici\u00f3n rtsp://, como es demostrado usando un mensaje de error 404."
    }
  ],
  "id": "CVE-2008-0234",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-01-11T02:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28423"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31034"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://securityreason.com/securityalert/3537"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/112179"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486091/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486114/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486161/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486174/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486238/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486241/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486268/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/27225"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019178"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0107"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2064/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4885"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://securityreason.com/securityalert/3537"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/112179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486091/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486114/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486161/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486174/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486238/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486241/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486268/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/27225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2064/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4906"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2008-ALE-001

Vulnerability from certfr_alerte - Published: 2008-01-11 - Updated: 2008-02-07

Une vulnérabilité affectant Apple QuickTime permet à un individu malveillant d'exécuter du code arbitraire à distance.

Description

Une vulnérabilité dans le logiciel multimédia Apple QuickTime permet à une personne malintentionnée l'exécution de code arbitraire à distance via un dépassement de mémoire tampon lors d'une tentative infructueuse de lecture d'un fichier via le protocole Real Time Streaming Protocol (RTSP).

Une fonctionnalité de QuickTime permet de basculer automatiquement du protocole RTSP au protocole HTTP lorsque le port par défaut RTSP n'est pas joignable (554/tcp et 554/udp). Une page d'erreur spécialement conçue pour le protocole HTTP permet l'exploitation de cette vulnérabilité. Des codes d'exploitation ont été diffusés sur l'Internet.

Cette vulnérabilité concerne les machines ayant une version QuickTime à jour, et indépendemment du système d'exploitation installé.

Contournement provisoire

Parmis les contournements provisoires, on note :

Vérifier que la prise en charge des liens RTSP est désactivée dans QuickTime en décochant la case Édition -> Préférences -> Préférences de QuickTime -> Types de fichiers -> Enchaînement - séquence en temps réel -> Descripteur de flux RTSP ;

Cette option, qui n'est pas activée par défaut, ne comble en rien la vulnérabilité mais permet de d'éviter l'ouverture de lien malveillant par QuickTime.

vérifier la politique de filtrage des flux sortants. QuickTime essaie de se connecter au serveur sur différents ports (rtsp : 554 puis HTTP : 80), mais la politique de filtrage peut influencer ce passage. Ainsi, si les flux sortants vers les ports 554/TCP et 554/UDP sont filtrés et engendrent une absence de réponse dans un intervalle de temps suffisant, QuickTime n'effectue plus la tentative de connexion en HTTP.
utiliser un lecteur alternatif.

Solution

Mise à jour du 07 février 2008 :

Apple a corrigé cette vulnérabilité dans la version 7.4.1 de QuickTime, mentionnée dans l'avis CERTA-2008-AVI-059.

Apple QuickTime version 7.3.1.70.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Avis du CERTA CERTA-2008-AVI-059 du 07 février 2008 :	-	other
Note de vulnérabilité de l'US-CERT VU#112179 du 10 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple QuickTime version 7.3.1.70.\u003c/P\u003e",
  "closed_at": "2008-02-07",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le logiciel multim\u00e9dia Apple QuickTime permet \u00e0\nune personne malintentionn\u00e9e l\u0027ex\u00e9cution de code arbitraire \u00e0 distance\nvia un d\u00e9passement de m\u00e9moire tampon lors d\u0027une tentative infructueuse\nde lecture d\u0027un fichier via le protocole Real Time Streaming Protocol\n(RTSP).\n\nUne fonctionnalit\u00e9 de QuickTime permet de basculer automatiquement du\nprotocole RTSP au protocole HTTP lorsque le port par d\u00e9faut RTSP n\u0027est\npas joignable (554/tcp et 554/udp). Une page d\u0027erreur sp\u00e9cialement\ncon\u00e7ue pour le protocole HTTP permet l\u0027exploitation de cette\nvuln\u00e9rabilit\u00e9. Des codes d\u0027exploitation ont \u00e9t\u00e9 diffus\u00e9s sur l\u0027Internet.\n\nCette vuln\u00e9rabilit\u00e9 concerne les machines ayant une version QuickTime \u00e0\njour, et ind\u00e9pendemment du syst\u00e8me d\u0027exploitation install\u00e9.\n\n## Contournement provisoire\n\nParmis les contournements provisoires, on note :\n\n-   V\u00e9rifier que la prise en charge des liens RTSP est d\u00e9sactiv\u00e9e dans\n    QuickTime en d\u00e9cochant la case \u00c9dition -\\\u003e Pr\u00e9f\u00e9rences -\\\u003e\n    Pr\u00e9f\u00e9rences de QuickTime -\\\u003e Types de fichiers -\\\u003e Encha\u00eenement -\n    s\u00e9quence en temps r\u00e9el -\\\u003e Descripteur de flux RTSP ;\n\nCette option, qui n\u0027est pas activ\u00e9e par d\u00e9faut, ne comble en rien la\nvuln\u00e9rabilit\u00e9 mais permet de d\u0027\u00e9viter l\u0027ouverture de lien malveillant\npar QuickTime.\n\n-   v\u00e9rifier la politique de filtrage des flux sortants. QuickTime\n    essaie de se connecter au serveur sur diff\u00e9rents ports (rtsp : 554\n    puis HTTP : 80), mais la politique de filtrage peut influencer ce\n    passage. Ainsi, si les flux sortants vers les ports 554/TCP et\n    554/UDP sont filtr\u00e9s et engendrent une absence de r\u00e9ponse dans un\n    intervalle de temps suffisant, QuickTime n\u0027effectue plus la\n    tentative de connexion en HTTP.\n-   utiliser un lecteur alternatif.\n\n## Solution\n\nMise \u00e0 jour du 07 f\u00e9vrier 2008 :\n\nApple a corrig\u00e9 cette vuln\u00e9rabilit\u00e9 dans la version 7.4.1 de QuickTime,\nmentionn\u00e9e dans l\u0027avis CERTA-2008-AVI-059.\n",
  "cves": [
    {
      "name": "CVE-2008-0234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0234"
    }
  ],
  "initial_release_date": "2008-01-11T00:00:00",
  "last_revision_date": "2008-02-07T00:00:00",
  "links": [
    {
      "title": "Avis du CERTA CERTA-2008-AVI-059 du 07 f\u00e9vrier 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-059/"
    },
    {
      "title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#112179 du 10 janvier    2008 :",
      "url": "http://www.kb.cert.org/vuls/id/112179"
    }
  ],
  "reference": "CERTA-2008-ALE-001",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-11T00:00:00.000000"
    },
    {
      "description": "pr\u00e9cisions concernant le filtrage.",
      "revision_date": "2008-01-14T00:00:00.000000"
    },
    {
      "description": "correction apport\u00e9e par Apple dans la version 7.4.1 de QuickTime.",
      "revision_date": "2008-02-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 affectant Apple QuickTime permet \u00e0 un individu\nmalveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Apple QuickTime",
  "vendor_advisories": []
}

GSD-2008-0234

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-0234

Aliases

CVE-2008-0234

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0234",
    "description": "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.",
    "id": "GSD-2008-0234"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0234"
      ],
      "details": "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.",
      "id": "GSD-2008-0234",
      "modified": "2023-12-13T01:22:58.910748Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0234",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "4885",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/4885"
          },
          {
            "name": "quicktime-rtsp-responses-bo(39601)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601"
          },
          {
            "name": "20080111 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486161/100/0/threaded"
          },
          {
            "name": "20080110 Buffer-overflow in Quicktime Player 7.3.1.70",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486091/100/0/threaded"
          },
          {
            "name": "ADV-2008-2064",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2064/references"
          },
          {
            "name": "APPLE-SA-2008-02-06",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html"
          },
          {
            "name": "4906",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/4906"
          },
          {
            "name": "31034",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31034"
          },
          {
            "name": "20080112 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486268/100/0/threaded"
          },
          {
            "name": "20080111 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486174/100/0/threaded"
          },
          {
            "name": "APPLE-SA-2008-07-10",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html"
          },
          {
            "name": "20080110 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486114/100/0/threaded"
          },
          {
            "name": "27225",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27225"
          },
          {
            "name": "VU#112179",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/112179"
          },
          {
            "name": "20080112 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486241/100/0/threaded"
          },
          {
            "name": "20080114 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486238/100/0/threaded"
          },
          {
            "name": "ADV-2008-0107",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0107"
          },
          {
            "name": "3537",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3537"
          },
          {
            "name": "1019178",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019178"
          },
          {
            "name": "28423",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28423"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0234"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#112179",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/112179"
            },
            {
              "name": "27225",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/27225"
            },
            {
              "name": "1019178",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019178"
            },
            {
              "name": "28423",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28423"
            },
            {
              "name": "APPLE-SA-2008-02-06",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html"
            },
            {
              "name": "3537",
              "refsource": "SREASON",
              "tags": [
                "Exploit"
              ],
              "url": "http://securityreason.com/securityalert/3537"
            },
            {
              "name": "31034",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31034"
            },
            {
              "name": "APPLE-SA-2008-07-10",
              "refsource": "APPLE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html"
            },
            {
              "name": "ADV-2008-2064",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2064/references"
            },
            {
              "name": "ADV-2008-0107",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0107"
            },
            {
              "name": "quicktime-rtsp-responses-bo(39601)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601"
            },
            {
              "name": "4906",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/4906"
            },
            {
              "name": "4885",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/4885"
            },
            {
              "name": "20080112 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486268/100/0/threaded"
            },
            {
              "name": "20080112 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486241/100/0/threaded"
            },
            {
              "name": "20080114 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486238/100/0/threaded"
            },
            {
              "name": "20080111 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486174/100/0/threaded"
            },
            {
              "name": "20080111 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486161/100/0/threaded"
            },
            {
              "name": "20080110 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486114/100/0/threaded"
            },
            {
              "name": "20080110 Buffer-overflow in Quicktime Player 7.3.1.70",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486091/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-15T21:58Z",
      "publishedDate": "2008-01-11T02:46Z"
    }
  }
}

CERTA-2008-AVI-059

Vulnerability from certfr_avis - Published: 2008-02-07 - Updated: 2008-02-07

Plusieurs vulnérabilités ont été identifiées dans les applications Apple QuickTime et iPhoto. L'une d'elles a d'ailleurs fait l'objet de l'alerte CERTA-2008-ALE-001 publiée le 11 janvier 2008.

Les conséquences de l'exploitation de ces vulnérabilités sont variées, permettant pour certaines d'exécuter du code arbitraire à distance sur un système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans les applications Apple QuickTime et iPhoto.

L'une d'elles, sur QuickTime, a d'ailleurs fait l'objet de l'alerte CERTA-2008-ALE-001 publiée le 11 janvier 2008. Elle concerne un dépassement de mémoire tampon lors d'une tentative infructueuse de lecture de lecture d'un fichier via le protocole Real Time Streaming Protocol (RTSP).

iPhoto, quant à lui, ne manipulerait pas correctement certaines diffusions de photos (photocast) spécialement construites.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	les versions d'Apple iPhoto antérieures à 7.1.2.
	Apple	N/A	Les versions d'Apple QuickTime antérieures à 7.4.1 ;

References

Title

Publication Time

Tags

Bulletins de sécurité Apple 307407 et 307398 du 04 février 2008	None	vendor-advisory
Bulletin de sécurité Apple 307407 du 04 février 2008 :	-	other
Bulletin de sécurité Apple 307398 du 04 février 2008 :	-	other
Document du CERTA CERTA-2008-ALE-001 du 14 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "les versions d\u0027Apple iPhoto ant\u00e9rieures \u00e0 7.1.2.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Les versions d\u0027Apple QuickTime ant\u00e9rieures \u00e0 7.4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les applications Apple\nQuickTime et iPhoto.\n\nL\u0027une d\u0027elles, sur QuickTime, a d\u0027ailleurs fait l\u0027objet de l\u0027alerte\nCERTA-2008-ALE-001 publi\u00e9e le 11 janvier 2008. Elle concerne un\nd\u00e9passement de m\u00e9moire tampon lors d\u0027une tentative infructueuse de\nlecture de lecture d\u0027un fichier via le protocole Real Time Streaming\nProtocol (RTSP).\n\niPhoto, quant \u00e0 lui, ne manipulerait pas correctement certaines\ndiffusions de photos (photocast) sp\u00e9cialement construites.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0234"
    },
    {
      "name": "CVE-2008-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0043"
    }
  ],
  "initial_release_date": "2008-02-07T00:00:00",
  "last_revision_date": "2008-02-07T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307407 du 04 f\u00e9vrier 2008 :",
      "url": "http://docs.info.apple.com/article.html?artnum=307407"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307398 du 04 f\u00e9vrier 2008 :",
      "url": "http://docs.info.apple.com/article.html?artnum=307398"
    },
    {
      "title": "Document du CERTA CERTA-2008-ALE-001 du 14 janvier 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-001/index.html"
    }
  ],
  "reference": "CERTA-2008-AVI-059",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-02-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les applications Apple\nQuickTime et iPhoto. L\u0027une d\u0027elles a d\u0027ailleurs fait l\u0027objet de l\u0027alerte\nCERTA-2008-ALE-001 publi\u00e9e le 11 janvier 2008.\n\nLes cons\u00e9quences de l\u0027exploitation de ces vuln\u00e9rabilit\u00e9s sont vari\u00e9es,\npermettant pour certaines d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance sur\nun syst\u00e8me vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Apple QuickTime et iPhoto",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Apple 307407 et 307398 du 04 f\u00e9vrier 2008",
      "url": null
    }
  ]
}

GHSA-H6V5-M9CF-GC4P

Vulnerability from github – Published: 2022-05-01 23:28 – Updated: 2022-05-01 23:28

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0234"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-01-11T02:46:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.",
  "id": "GHSA-h6v5-m9cf-gc4p",
  "modified": "2022-05-01T23:28:31Z",
  "published": "2022-05-01T23:28:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0234"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/4885"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/4906"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28423"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31034"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3537"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/112179"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486091/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486114/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486161/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486174/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486238/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486241/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486268/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27225"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019178"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0107"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2064/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0234 (GCVE-0-2008-0234)

FKIE_CVE-2008-0234

CERTA-2008-ALE-001

Description

Contournement provisoire

Solution

GSD-2008-0234

CERTA-2008-AVI-059

Description

Solution

GHSA-H6V5-M9CF-GC4P

Tags

Sightings

Nomenclature