VAR-200209-0001

Vulnerability from variot - Updated: 2025-04-03 22:19

Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote attackers to execute arbitrary code via a long pluginspage field. A vulnerability has been reported in the Apple QuickTime ActiveX component for Internet Explorer. The issue is a buffer-overrun condition that occurs because the software fails to perform adequate boundary checks of supplied arguments. If the component is invoked with the 'pluginspage' argument set to an overly long string value, the overrun will occur. Successful exploits may allow attacker-supplied instructions to run on affected client systems. Apple QuickTime is a media player that provides high-quality sound and images. The Apple QuickTime ActiveX control is generally used for movie tracking and other streaming and static media technology processing when embedded in a web page. The control does not correctly check buffer boundaries when processing the "pluginspage" field; a remote attacker who builds a malicious web page, or sends an HTML email and entices a user to open it, can cause a buffer overflow on the client side. Carefully constructed "pluginspage" field data may execute arbitrary instructions on the system with the permissions of the current user process.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200209-0001",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "quicktime activex component",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "quicktime activex component",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "5685"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200209-047"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0376"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "@stake advisories\u203b advisories@atstake.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200209-047"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2002-0376",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2002-0376",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-4769",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2002-0376",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200209-047",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-4769",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-4769"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200209-047"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0376"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote attackers to execute arbitrary code via a long pluginspage field. A vulnerability has been reported in the Apple QuickTime ActiveX component for Internet Explorer.  The issue is a buffer-overrun condition that occurs because the software fails to perform adequate boundary checks of supplied arguments.  If the component is invoked with the \u0027pluginspage\u0027 argument set to an overly long string value, the overrun will occur. \nSuccessful exploits may allow attacker-supplied instructions to run on affected client systems. Apple QuickTime is a media player that provides high-quality sound and images. The Apple QuickTime ActiveX control is generally used for movie tracking and other streaming and static media technology processing when embedded in a WEB page. This control lacks correct checks on the buffer boundary when processing the \\\"pluginspage\\\" field, and remote attackers can use it to build malicious WEB pages, or sending HTML emails to entice users to open them, can cause buffer overflows on the client side. Carefully constructed \\\"pluginspage\\\" field data may execute arbitrary instructions on the system with the permissions of the current user process",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-0376"
      },
      {
        "db": "BID",
        "id": "5685"
      },
      {
        "db": "VULHUB",
        "id": "VHN-4769"
      }
    ],
    "trust": 1.26
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2002-0376",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "5685",
        "trust": 2.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200209-047",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20020925 FWD: QUICKTIME FOR WINDOWS ACTIVEX SECURITY ADVISORY",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "10077",
        "trust": 0.6
      },
      {
        "db": "ATSTAKE",
        "id": "A091002-1",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-4769",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-4769"
      },
      {
        "db": "BID",
        "id": "5685"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200209-047"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0376"
      }
    ]
  },
  "id": "VAR-200209-0001",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-4769"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T22:19:26.524000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-0376"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.atstake.com/research/advisories/2002/a091002-1.txt"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/5685"
      },
      {
        "trust": 1.7,
        "url": "http://online.securityfocus.com/archive/1/293095"
      },
      {
        "trust": 1.7,
        "url": "http://www.iss.net/security_center/static/10077.php"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-4769"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200209-047"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0376"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-4769"
      },
      {
        "db": "BID",
        "id": "5685"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200209-047"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0376"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-09-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-4769"
      },
      {
        "date": "2002-09-10T00:00:00",
        "db": "BID",
        "id": "5685"
      },
      {
        "date": "2002-09-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200209-047"
      },
      {
        "date": "2002-09-24T04:00:00",
        "db": "NVD",
        "id": "CVE-2002-0376"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-4769"
      },
      {
        "date": "2008-03-27T16:19:00",
        "db": "BID",
        "id": "5685"
      },
      {
        "date": "2005-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200209-047"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2002-0376"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200209-047"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple QuickTime ActiveX Remote buffer overflow vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200209-047"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "5685"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200209-047"
      }
    ],
    "trust": 0.9
  }
}


