Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2008-5406 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple iTunes
Severity
9.3 CRITICAL (NVD)
EPSS
6.0%
top 9.31%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Dec 10
Latest update: May 17
Description
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."
CVSS vector
AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0
Affected Packages: 2 packages
Vulnerability Details: 2
Exploits & PoCs: 1
Exploit-DB