Vulnerabilities > CVE-2008-0032 - Resource Management Errors vulnerability in Apple Quicktime

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
apple
CWE-399
nessus

Summary

Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_QUICKTIME74.NASL
    descriptionThe version of QuickTime installed on the remote Mac OS X host is older than 7.4. Such versions contain several vulnerabilities that may allow an attacker to execute arbitrary code on the remote host if he can trick the user to open a specially crafted movie or PICT file file with QuickTime.
    last seen2020-06-01
    modified2020-06-02
    plugin id29983
    published2008-01-16
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29983
    titleQuickTime < 7.4 Multiple Vulnerabilities (Mac OS X)
  • NASL familyWindows
    NASL idQUICKTIME_74.NASL
    descriptionThe version of QuickTime installed on the remote Windows host is older than 7.4. Such versions contain several vulnerabilities that may allow an attacker to execute arbitrary code on the remote host if he can trick the user to open a specially crafted movie or PICT file file with QuickTime.
    last seen2020-06-01
    modified2020-06-02
    plugin id29982
    published2008-01-16
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29982
    titleQuickTime < 7.4 Multiple Vulnerabilities (Windows)