Buffer Overflow In Apple Quicktime Player Network Vulnerability

Summary

The remote host is probable affected by the vulnerabilitys described in CVE-2008-0234 CVE-2008-2010 Impact Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message. Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Solution

All Users should upgrade to the latest version.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2010
http://lists.apple.com/archives/Security-announce/2008/Jun/msg00000.html
http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2010

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Photoshop Multiple Buffer Overflow Vulnerabilities
Audacity Buffer Overflow Vulnerability (Linux)
BSPlayer Stack Overflow Vulnerability SRT
Adobe Flash Player Buffer Overflow Vulnerability (Linux)
Adobe Flash CS3 SWF Processing Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities