CVE-2009-0006

Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
applequicktime
𝑥
≤ 7.5.5
applequicktime
3.0
applequicktime
4.1.2
applequicktime
5.0
applequicktime
5.0.1
applequicktime
5.0.2
applequicktime
6.0
applequicktime
6.0.0
applequicktime
6.0.1
applequicktime
6.0.2
applequicktime
6.1
applequicktime
6.1.0
applequicktime
6.1.1
applequicktime
6.2.0
applequicktime
6.3.0
applequicktime
6.4.0
applequicktime
6.5
applequicktime
6.5.0
applequicktime
6.5.1
applequicktime
6.5.2
applequicktime
7.0
applequicktime
7.0.0
applequicktime
7.0.1
applequicktime
7.0.2
applequicktime
7.0.3
applequicktime
7.0.4
applequicktime
7.1
applequicktime
7.1.0
applequicktime
7.1.1
applequicktime
7.1.2
applequicktime
7.1.3
applequicktime
7.1.4
applequicktime
7.1.5
applequicktime
7.1.6
applequicktime
7.2
applequicktime
7.2.1
applequicktime
7.3
applequicktime
7.3.0
applequicktime
7.3.1
applequicktime
7.3.1.70
applequicktime
7.4
applequicktime
7.4.0
applequicktime
7.4.1
applequicktime
7.4.5
applequicktime
7.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2009-01/0215.html
http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html
http://osvdb.org/51529
http://secunia.com/advisories/33632
http://support.apple.com/kb/HT3403
http://www.securityfocus.com/archive/1/500391/100/0/threaded
http://www.securityfocus.com/bid/33388
http://www.us-cert.gov/cas/techalerts/TA09-022A.html
http://www.vupen.com/english/advisories/2009/0212
http://www.zerodayinitiative.com/advisories/ZDI-09-007/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6153
http://archives.neohapsis.com/archives/bugtraq/2009-01/0215.html
http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html
http://osvdb.org/51529
http://secunia.com/advisories/33632
http://support.apple.com/kb/HT3403
http://www.securityfocus.com/archive/1/500391/100/0/threaded
http://www.securityfocus.com/bid/33388
http://www.us-cert.gov/cas/techalerts/TA09-022A.html
http://www.vupen.com/english/advisories/2009/0212
http://www.zerodayinitiative.com/advisories/ZDI-09-007/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6153