Vulnerability Description
Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Vista | - |
| Microsoft | Windows Xp | All versions |
| Apple | Quicktime | All versions |
References
- http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/
- http://www.securityfocus.com/bid/28959
- http://www.securitytracker.com/id?1019950
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42098
- http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/
- http://www.securityfocus.com/bid/28959
- http://www.securitytracker.com/id?1019950
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42098
FAQ
What is CVE-2008-2010?
CVE-2008-2010 is a vulnerability with a CVSS score of 9.3 (HIGH). Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the onl...
How severe is CVE-2008-2010?
CVE-2008-2010 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2010?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Vista, Microsoft Windows Xp, Apple Quicktime.