CVE-2008-4116

Apple Itunes - Memory Corruption

Title source: rule

Description

Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED

by securfrog · perldosmultiple

https://www.exploit-db.com/exploits/6471

View Code ZIP pw:eip

References (7)

[Third Party Advisory] http://securityreason.com/securityalert/4270

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5936

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7995

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6113

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31212

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6471

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45311

Scores

EPSS 0.0959

EPSS Percentile 92.9%

Details

CWE

CWE-119

Status published

Products (2)

apple/itunes 8.0

apple/quicktime 7.5.5

Published Sep 18, 2008

Tracked Since Feb 18, 2026