QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2005-4092

Back to search

CVE-2005-4092

Published: Dec 8, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement.

VendorProductVersions

n/a

n/a

affected
n/a

References

18370
third-party-advisory
x_refsource_SECUNIA
TA06-011A
third-party-advisory
x_refsource_CERT
APPLE-SA-2006-01-10
vendor-advisory
x_refsource_APPLE
15732
vdb-entry
x_refsource_BID
1015356
vdb-entry
x_refsource_SECTRACK
336
third-party-advisory
x_refsource_SREASON
ADV-2006-0128
vdb-entry
x_refsource_VUPEN
334
third-party-advisory
x_refsource_SREASON
1015396
vdb-entry
x_refsource_SECTRACK
VU#921193
third-party-advisory
x_refsource_CERT-VN
18149
third-party-advisory
x_refsource_SECUNIA
ADV-2005-3012
vdb-entry
x_refsource_VUPEN
1015397
vdb-entry
x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now