7.6

CVE-2009-0008

Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4% 0.892
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html
Vendor Advisory
http://secunia.com/advisories/33642
Vendor Advisory
http://support.apple.com/kb/HT3404
Vendor Advisory
http://www.securityfocus.com/bid/33393
http://www.securitytracker.com/id?1021621
http://www.vupen.com/english/advisories/2009/0211
https://exchange.xforce.ibmcloud.com/vulnerabilities/48162
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5974