Sign-up

ID

VAR-200804-0154


CVE

CVE-2008-2010


TITLE

Windows XP and Vista of Apple QuickTime Player Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2008-003018

DESCRIPTION

Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Apple QuickTime is prone to an unspecified remote code-execution vulnerability. Very few technical details are currently available. We will update this BID as more information emerges. Successful exploits can allow remote attackers to execute arbitrary code in the context of the user running the application. This may facilitate a compromise of affected computers. This issue affects QuickTime 7.4 for Microsoft Windows XP and Vista; other versions may also be affected

Trust: 1.98

sources: NVD: CVE-2008-2010 // JVNDB: JVNDB-2008-003018 // BID: 28959 // VULHUB: VHN-32135

AFFECTED PRODUCTS

vendor:applemodel:quicktimescope:eqversion:*

Trust: 1.0

vendor:applemodel:quicktimescope: - version: -

Trust: 0.8

vendor:microsoftmodel:windowsscope:eqversion:vista sp11

Trust: 0.8

vendor:microsoftmodel:windows xpscope:eqversion:sp3 sp2

Trust: 0.8

vendor:microsoftmodel:windows vistascope:eqversion: -

Trust: 0.6

vendor:microsoftmodel:windows-ntscope:eqversion:vista

Trust: 0.6

vendor:microsoftmodel:windows xpscope:eqversion:sp2

Trust: 0.6

vendor:applemodel:quicktime playerscope:eqversion:7.4

Trust: 0.3

sources: BID: 28959 // JVNDB: JVNDB-2008-003018 // CNNVD: CNNVD-200804-428 // NVD: CVE-2008-2010

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-2010
value: HIGH

Trust: 1.0

NVD: CVE-2008-2010
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200804-428
value: CRITICAL

Trust: 0.6

VULHUB: VHN-32135
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-2010
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-32135
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-32135 // JVNDB: JVNDB-2008-003018 // CNNVD: CNNVD-200804-428 // NVD: CVE-2008-2010

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2008-2010

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200804-428

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200804-428

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-003018

PATCH
title:Top Pageurl:http://www.apple.com/quicktime/
Trust: 0.8
title:Top Pageurl:http://windows.microsoft.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-003018

EXTERNAL IDS
db:NVDid:CVE-2008-2010
Trust: 2.8
db:BIDid:28959
Trust: 2.0
db:SECTRACKid:1019950
Trust: 1.7
db:JVNDBid:JVNDB-2008-003018
Trust: 0.8
db:CNNVDid:CNNVD-200804-428
Trust: 0.7
db:XFid:42098
Trust: 0.6
db:VULHUBid:VHN-32135
Trust: 0.1
sources:
            
            
            VULHUB: VHN-32135 // 
            
            
            
            BID: 28959 // 
            
            
            
            JVNDB: JVNDB-2008-003018 // 
            
            
            
            CNNVD: CNNVD-200804-428 // 
            
            
            
            NVD: CVE-2008-2010

REFERENCES
url:http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/
Trust: 2.0
url:http://www.securityfocus.com/bid/28959
Trust: 1.7
url:http://www.securitytracker.com/id?1019950
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/42098
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2010
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2010
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/42098
Trust: 0.6
url:http://www.apple.com/quicktime/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-32135 // 
            
            
            
            BID: 28959 // 
            
            
            
            JVNDB: JVNDB-2008-003018 // 
            
            
            
            CNNVD: CNNVD-200804-428 // 
            
            
            
            NVD: CVE-2008-2010

CREDITS
pdp from GNUCITIZEN
Trust: 0.9
sources:
            
            
            BID: 28959 // 
            
            
            
            CNNVD: CNNVD-200804-428

SOURCES
db:VULHUBid:VHN-32135
db:BIDid:28959
db:JVNDBid:JVNDB-2008-003018
db:CNNVDid:CNNVD-200804-428
db:NVDid:CVE-2008-2010

LAST UPDATE DATE
2024-11-23T23:13:15.382000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-32135date:2018-10-30T00:00:00
db:BIDid:28959date:2008-04-30T17:26:00
db:JVNDBid:JVNDB-2008-003018date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200804-428date:2008-09-05T00:00:00
db:NVDid:CVE-2008-2010date:2024-11-21T00:45:52.787

SOURCES RELEASE DATE
db:VULHUBid:VHN-32135date:2008-04-30T00:00:00
db:BIDid:28959date:2008-04-28T00:00:00
db:JVNDBid:JVNDB-2008-003018date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200804-428date:2008-04-29T00:00:00
db:NVDid:CVE-2008-2010date:2008-04-30T00:10:00