What is the severity of CVE-2009-0002?

CVE-2009-0002 is considered a high severity vulnerability due to its potential for causing application termination and possible remote code execution.

How do I fix CVE-2009-0002?

To fix CVE-2009-0002, upgrade to Apple QuickTime version 7.6 or later.

What kind of attack does CVE-2009-0002 enable?

CVE-2009-0002 enables remote attackers to execute arbitrary code by exploiting a heap-based buffer overflow via crafted QTVR movie files.

Which versions of QuickTime are affected by CVE-2009-0002?

CVE-2009-0002 affects all versions of Apple QuickTime prior to 7.6, including 7.5.5 and earlier.

Is CVE-2009-0002 a local or remote vulnerability?

CVE-2009-0002 is a remote vulnerability that can be exploited using specially crafted files.

Vulnerability/
CVE-2009-0002

critical

9.3

CWE

119

21/1/2009

7/8/2024

CVE-2009-0002: Buffer Overflow

First published: Wed Jan 21 2009(Updated: )

Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Apple QuickTime	<=7.5.5
Apple QuickTime
Apple QuickTime	=3.0
Apple QuickTime	=4.1.2
Apple QuickTime	=5.0
Apple QuickTime	=5.0.1
Apple QuickTime	=5.0.2
Apple QuickTime	=6.0
Apple QuickTime	=6.1
Apple QuickTime	=6.5
Apple QuickTime	=6.5.1
Apple QuickTime	=6.5.2
Apple QuickTime	=7.0
Apple QuickTime	=7.0.1
Apple QuickTime	=7.0.2
Apple QuickTime	=7.0.3
Apple QuickTime	=7.0.4
Apple QuickTime	=7.1
Apple QuickTime	=7.1.1
Apple QuickTime	=7.1.2
Apple QuickTime	=7.1.3
Apple QuickTime	=7.1.4
Apple QuickTime	=7.1.5
Apple QuickTime	=7.1.6
Apple QuickTime	=7.2
Apple QuickTime	=7.3
Apple QuickTime	=7.3.1
Apple QuickTime	=7.3.1.70
Apple QuickTime	=7.4
Apple QuickTime	=7.4.1
Apple QuickTime	=7.4.4
Apple QuickTime	=7.4.5
Apple QuickTime	=7.5
Apple iOS and macOS	=10.4.9
Apple iOS and macOS	=10.5
Apple iOS and macOS	=10.5.1
Apple iOS and macOS	=10.5.2
Apple iOS and macOS	=10.5.3
Apple iOS and macOS	=10.5.4
Apple iOS and macOS	=10.5.5
Microsoft Windows Vista
Microsoft Windows XP	=sp2
Microsoft Windows XP	=sp3

Remedy

http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-0002?
CVE-2009-0002 is considered a high severity vulnerability due to its potential for causing application termination and possible remote code execution.
How do I fix CVE-2009-0002?
To fix CVE-2009-0002, upgrade to Apple QuickTime version 7.6 or later.
What kind of attack does CVE-2009-0002 enable?
CVE-2009-0002 enables remote attackers to execute arbitrary code by exploiting a heap-based buffer overflow via crafted QTVR movie files.
Which versions of QuickTime are affected by CVE-2009-0002?
CVE-2009-0002 affects all versions of Apple QuickTime prior to 7.6, including 7.5.5 and earlier.
Is CVE-2009-0002 a local or remote vulnerability?
CVE-2009-0002 is a remote vulnerability that can be exploited using specially crafted files.

collector/nvd-historical
agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/remedy
agent/last-modified-date
agent/weakness
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/apple
canonical/apple quicktime
version/apple quicktime/7.5.5
version/apple quicktime/3.0
version/apple quicktime/4.1.2
version/apple quicktime/5.0
version/apple quicktime/5.0.1
version/apple quicktime/5.0.2
version/apple quicktime/6.0
version/apple quicktime/6.1
version/apple quicktime/6.5
version/apple quicktime/6.5.1
version/apple quicktime/6.5.2
version/apple quicktime/7.0
version/apple quicktime/7.0.1
version/apple quicktime/7.0.2
version/apple quicktime/7.0.3
version/apple quicktime/7.0.4
version/apple quicktime/7.1
version/apple quicktime/7.1.1
version/apple quicktime/7.1.2
version/apple quicktime/7.1.3
version/apple quicktime/7.1.4
version/apple quicktime/7.1.5
version/apple quicktime/7.1.6
version/apple quicktime/7.2
version/apple quicktime/7.3
version/apple quicktime/7.3.1
version/apple quicktime/7.3.1.70
version/apple quicktime/7.4
version/apple quicktime/7.4.1
version/apple quicktime/7.4.4
version/apple quicktime/7.4.5
version/apple quicktime/7.5
canonical/apple ios and macos
version/apple ios and macos/10.4.9
version/apple ios and macos/10.5
version/apple ios and macos/10.5.1
version/apple ios and macos/10.5.2
version/apple ios and macos/10.5.3
version/apple ios and macos/10.5.4
version/apple ios and macos/10.5.5
vendor/microsoft
canonical/microsoft windows vista
canonical/microsoft windows xp
version/microsoft windows xp/sp2
version/microsoft windows xp/sp3