Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4116Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Itunes

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
9.6%
top 7.12%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Apple ItunesApple Quicktime
Timeline
PublishedSep 18
Latest updateMay 2

Description

Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDapple/quicktime7.5.5
NVDapple/itunes8.0

🔴Vulnerability Details

2
GHSA
GHSA-m59p-cghj-96qg: Buffer overflow in Apple QuickTime 72022-05-02
CVEList
CVE-2008-4116: Buffer overflow in Apple QuickTime 72008-09-17

💥Exploits & PoCs

1
Exploit-DB
Apple QuickTime 7.5.5 / iTunes 8.0 - Remote Off-by-One Crash2008-09-16
CVE-2008-4116 — Apple Itunes vulnerability | cvebase