Details of VAR-200304-0024

ID

VAR-200304-0024

CVE

CVE-2003-0168

TITLE

Apple QuickTime Player for Windows contains buffer overflow in processing of overly long QuickTime URLs

Trust: 0.8

sources: CERT/CC: VU#112553

DESCRIPTION

Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL. Apple's QuickTime Player is a player for files and streaming media in the QuickTime format. Versions of the player are available for both the Microsoft Windows and Apple MacOS platforms. It has been reported that the QuickTime Player does not properly handle some types of URLs. Apple QuickTime Player is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. When the player processes the QuickTime URL, the application will extract the key value HKEY_CLASSES_ROOT/quicktime from the Windows registry key: \\%PATH TO QUICKTIME\\%\QuickTimePlayer.exe -u\"\\%1\" When the URL contains 400 character will destroy the buffer space allocated in the stack and overwrite the saved instruction pointer

Trust: 1.98

sources: NVD: CVE-2003-0168 // CERT/CC: VU#112553 // BID: 7247 // VULHUB: VHN-6998

AFFECTED PRODUCTS

vendor:	apple	model:	quicktime	scope:	eq	version:	6.0	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	5.0	Trust: 1.6
vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	quicktime player	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	ne	version:	6.1	Trust: 0.3

sources: CERT/CC: VU#112553 // BID: 7247 // CNNVD: CNNVD-200304-040 // NVD: CVE-2003-0168

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-0168
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#112553
value:	15.68
Trust: 0.8
CNNVD:	CNNVD-200304-040
value:	HIGH
Trust: 0.6
VULHUB:	VHN-6998
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2003-0168
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6998
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#112553 // VULHUB: VHN-6998 // CNNVD: CNNVD-200304-040 // NVD: CVE-2003-0168

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0168

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200304-040

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 7247 // CNNVD: CNNVD-200304-040

EXTERNAL IDS

db:	CERT/CC	id:	VU#112553	Trust: 2.5
db:	BID	id:	7247	Trust: 2.0
db:	NVD	id:	CVE-2003-0168	Trust: 2.0
db:	OSVDB	id:	10561	Trust: 1.7
db:	CNNVD	id:	CNNVD-200304-040	Trust: 0.7
db:	BUGTRAQ	id:	20030401 IDEFENSE SECURITY ADVISORY 03.31.03: BUFFER OVERFLOW IN WINDOWS QUICKTIME PLAYER	Trust: 0.6
db:	BUGTRAQ	id:	20030401 FWD: QUICKTIME 6.1 FOR WINDOWS IS AVAILABLE	Trust: 0.6
db:	VULNWATCH	id:	20030331 IDEFENSE SECURITY ADVISORY 03.31.03: BUFFER OVERFLOW IN WINDOWS QUICKTIME PLAYER	Trust: 0.6
db:	XF	id:	11671	Trust: 0.6
db:	VULHUB	id:	VHN-6998	Trust: 0.1

sources: CERT/CC: VU#112553 // VULHUB: VHN-6998 // BID: 7247 // CNNVD: CNNVD-200304-040 // NVD: CVE-2003-0168

REFERENCES

url:	http://www.securityfocus.com/bid/7247	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/112553	Trust: 1.7
url:	http://lists.apple.com/mhonarc/security-announce/msg00027.html	Trust: 1.7
url:	http://www.idefense.com/advisory/03.31.03.txt	Trust: 1.7
url:	http://www.osvdb.org/10561	Trust: 1.7
url:	http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0166.html	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/317141/30/25220/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/317148/30/25220/threaded	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/11671	Trust: 1.1
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/11671	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/317148/30/25220/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/317141/30/25220/threaded	Trust: 0.6
url:	http://www.info.apple.com/usen/security/security_updates.html	Trust: 0.3
url:	http://www.idefense.com/application/poi/display?id=15&type=vulnerabilities	Trust: 0.3

sources: CERT/CC: VU#112553 // VULHUB: VHN-6998 // BID: 7247 // CNNVD: CNNVD-200304-040 // NVD: CVE-2003-0168

CREDITS

iDEFENSE Security Advisory※ labs@idefense.com

Trust: 0.6

sources: CNNVD: CNNVD-200304-040

SOURCES

db:	CERT/CC	id:	VU#112553
db:	VULHUB	id:	VHN-6998
db:	BID	id:	7247
db:	CNNVD	id:	CNNVD-200304-040
db:	NVD	id:	CVE-2003-0168

LAST UPDATE DATE

2024-08-14T15:25:48.684000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#112553	date:	2003-04-01T00:00:00
db:	VULHUB	id:	VHN-6998	date:	2018-10-19T00:00:00
db:	BID	id:	7247	date:	2009-07-11T21:06:00
db:	CNNVD	id:	CNNVD-200304-040	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-0168	date:	2018-10-19T15:29:33.167

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#112553	date:	2003-04-01T00:00:00
db:	VULHUB	id:	VHN-6998	date:	2003-04-02T00:00:00
db:	BID	id:	7247	date:	2003-03-31T00:00:00
db:	CNNVD	id:	CNNVD-200304-040	date:	2003-03-31T00:00:00
db:	NVD	id:	CVE-2003-0168	date:	2003-04-02T05:00:00