CVE-2005-4092 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2005-4092
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-4092

Description: Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement.

CVE Status: Candidate

References: ST 1015356 1015396 1015397 SREASON http://securityreason.com/securityalert/334 http://securityreason.com/securityalert/336 SAID Secunia Advisory: SA18149 Secunia Advisory: SA18370 MISC http://www.eeye.com/html/research/upcoming/20051117a.html http://www.eeye.com/html/research/upcoming/20051117b.html http://security-protocols.com/advisory/sp-x21-advisory.txt http://www.security-protocols.com/modules.php?name=News&file=article&sid=3109 http://www.security-protocols.com/modules.php?name=News&file=article&sid=3133 http://www.security-protocols.com/advisory/sp-x21-advisory.txt EEYE CERT-VN 921193 CERT http://www.us-cert.gov/cas/techalerts/TA06-011A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/421547/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/421635/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/421569/100/0/threaded BID 15732 APPLE http://docs.info.apple.com/article.html?artnum=303101

Return to the previous page.