7.6
CVE-2009-0008
- EPSS 4%
- Veröffentlicht 22.01.2009 18:30:03
- Zuletzt bearbeitet 16.06.2026 23:04:04
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apple ≫ Quicktime Mpeg-2 Playback Component
Microsoft ≫ Windows Vista
Microsoft ≫ Windows Xp
Microsoft ≫ Windows Xp Updatesp2
Microsoft ≫ Windows Xp Updatesp3
Microsoft ≫ Windows Xp
Microsoft ≫ Windows Xp Updatesp2
Microsoft ≫ Windows Xp Updatesp3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4% | 0.892 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.6 | 4.9 | 10 |
AV:N/AC:H/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html
http://secunia.com/advisories/33642
http://support.apple.com/kb/HT3404
http://www.securityfocus.com/bid/33393
http://www.securitytracker.com/id?1021621
http://www.vupen.com/english/advisories/2009/0211
https://exchange.xforce.ibmcloud.com/vulnerabilities/48162
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5974