CVE-2008-0778

Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
applequicktime
𝑥
≤ 7.4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://securityreason.com/securityalert/3652
http://www.securityfocus.com/archive/1/488045/100/0/threaded
http://www.securityfocus.com/bid/27769
https://exchange.xforce.ibmcloud.com/vulnerabilities/40475
https://www.exploit-db.com/exploits/5110
http://securityreason.com/securityalert/3652
http://www.securityfocus.com/archive/1/488045/100/0/threaded
http://www.securityfocus.com/bid/27769
https://exchange.xforce.ibmcloud.com/vulnerabilities/40475
https://www.exploit-db.com/exploits/5110