Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0778Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Quicktime

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
7.5HIGHNVD
EPSS
19.2%
top 4.63%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apple Quicktime
Timeline
PublishedFeb 14
Latest updateMay 1

Description

Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDapple/quicktime7.4.1

🔴Vulnerability Details

2
GHSA
GHSA-m4cq-28fp-6xmq: Multiple stack-based buffer overflows in an ActiveX control in QTPlugin2022-05-01
CVEList
CVE-2008-0778: Multiple stack-based buffer overflows in an ActiveX control in QTPlugin2008-02-14

💥Exploits & PoCs

1
Exploit-DB
QuickTime 7.4.1 - 'QTPlugin.ocx' Multiple Stack Overflow Vulnerabilities2008-02-13
CVE-2008-0778 — Apple Quicktime vulnerability | cvebase