Showing 1 - 1 of 1

CVE-2008-3626

Status Candidate

Overview

The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.

Related Files

Zero Day Initiative Advisory 08-059: Posted Sep 10, 2008; Authored by Tipping Point | Site zerodayinitiative.com; A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of STSZ atoms within the function CallComponentFunctionWithStorage(). When an entry in the sample_size_table is too large, a memory corruption occurs which can be further leveraged to execute arbitrary code under the context of the current user.; tags | advisory, remote, arbitrary; systems | apple; advisories | CVE-2008-3626; SHA-256 | 2d1888b9c7264e11b6198be6e6eb29d6724803b19f1b271a1621eeee0c98eddf; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 219 files
indoushka 83 files
Ubuntu 79 files
Gentoo 36 files
Jasper Nota 25 files
Willem Westerhof 19 files
Debian 18 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,096)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,707)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,485)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,737)
UNIX (9,435)
UnixWare (187)
Windows (6,672)
Other

CVE-2008-3626

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems