Apple QuickTime 'STSZ' Atoms内存破坏漏洞

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

BUGTRAQ ID: 31546 CVE ID:CVE-2008-3626 CNCVE ID:CNCVE-20083626 Apple QuickTime是一款流行的媒体处理程序。 Apple QuickTime处理特殊构建的媒体文件存在问题,远程攻击者可以利用漏洞进行缓冲区溢出,可导致以应用程序权限执行任意指令。 问题存在于CallComponentFunctionWithStorage()函数中对STSZ atoms的处理,当sample_size_table中的条目过大时,可触发内存破坏,可能以当前用户上下文执行任意指令。 Apple TV 2.1 Apple TV 2.0 Apple TV 1.1 Apple TV 1.0 Apple QuickTime Player 7.4.5 + Apple Mac OS X 10.4.9 + Apple Mac OS X 10.3.9 + Apple Mac OS X 10.5 + Apple Mac OS X Server 10.4.9 + Apple Mac OS X Server 10.3.9 + Apple Mac OS X Server 10.5 Apple QuickTime Player 7.4.1 Apple QuickTime Player 7.3.1 .70 Apple QuickTime Player 7.3.1 Apple QuickTime Player 7.1.6 Apple QuickTime Player 7.1.5 Apple QuickTime Player 7.1.4 Apple QuickTime Player 7.1.3 Apple QuickTime Player 7.1.2 Apple QuickTime Player 7.1.1 Apple QuickTime Player 7.0.4 Apple QuickTime Player 7.0.3 Apple QuickTime Player 7.0.2 Apple QuickTime Player 7.0.1 Apple QuickTime Player 7.0 Apple QuickTime Player 7.5 Apple QuickTime Player 7.4 Apple QuickTime Player...

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息