| CVE-2009-0006 |
| 기본정보 |
- 공개일 : 2009-01-22
- 변경일 : 2011-10-11
|
| CVSS 평가 |
- 위험도: 9.3
-
액세스 벡터
:
NETWORK
-
액세스 복잡성
:
보통
-
인증
:
없음
-
기밀성 영향
:
전체
-
무결성 영향
:
전체
-
가용성 영향
:
전체
-
출처
:
http://nvd.nist.gov
-
공개일
:
2009-01-23
|
| 설명 |
Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow.
|
| 참조 |
- CERT, TA09-022A
- APPLE, APPLE-SA-2009-01-21
- MISC, http://www.zerodayinitiative.com/advisories/ZDI-09-007/
- VUPEN, ADV-2009-0212
- BID, 33388
- BUGTRAQ, 20090124 Re: ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corr..
- CONFIRM, http://support.apple.com/kb/HT3403
- SECUNIA, 33632
- OSVDB, 51529
- BUGTRAQ, 20090121 ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corrupti..
|
| 취약 소프트웨어 |
-
apple
quicktime
3
-
apple
quicktime
7.2
-
apple
quicktime
7.4.1
-
apple
quicktime
7.4.5
-
apple
quicktime
7.1.3
-
apple
quicktime
7.4.4
-
apple
quicktime
7.3.1
-
apple
quicktime
7.1.1
-
apple
quicktime
4.1.2
-
apple
quicktime
6.0
-
apple
quicktime
7.1.4
-
apple
quicktime
5.0
-
apple
quicktime
5.0.2
-
apple
quicktime
6.1
-
apple
quicktime
5.0.1
-
apple
quicktime
7.4
-
apple
quicktime
7.0.4
-
apple
quicktime
7.5
-
apple
quicktime
6.5.1
-
apple
quicktime
7.0.2
-
apple
quicktime
7.1.2
-
apple
quicktime
7.0.1
-
apple
quicktime
7.5.5
-
apple
quicktime
6.5.2
-
apple
quicktime
7.0.3
-
apple
quicktime
7.1.5
-
apple
quicktime
7.1
-
apple
quicktime
7.0.8
-
apple
quicktime
7.1.6
-
apple
quicktime
7.3
-
apple
quicktime
6.5
-
apple
quicktime
7.0
-
apple
quicktime
7.3.1.70
|
