VAR-200304-0024
Vulnerability from variot - Updated: 2025-04-03 22:21

Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL. Apple's QuickTime Player is a player for files and streaming media in the QuickTime format. Versions of the player are available for both the Microsoft Windows and Apple MacOS platforms. It has been reported that the QuickTime Player does not properly handle some types of URLs. Apple QuickTime Player is multimedia playback software developed by Apple. The software is capable of handling multiple sources such as digital video, media segments, and more. When the player processes a QuickTime URL, the application reads the value stored under the Windows registry key HKEY_CLASSES_ROOT/quicktime: %PATH TO QUICKTIME%\QuickTimePlayer.exe -u"%1". When the URL contains 400 characters, it overruns the buffer allocated on the stack and overwrites the saved instruction pointer. The affected-products data in the record below lists QuickTime Player 6.1 with scope "ne", i.e. as not affected.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200304-0024",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#112553"
},
{
"db": "BID",
"id": "7247"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-040"
},
{
"db": "NVD",
"id": "CVE-2003-0168"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iDEFENSE Security Advisory\u203b labs@idefense.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200304-040"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0168",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2003-0168",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-6998",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2003-0168",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#112553",
"trust": 0.8,
"value": "15.68"
},
{
"author": "CNNVD",
"id": "CNNVD-200304-040",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-6998",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#112553"
},
{
"db": "VULHUB",
"id": "VHN-6998"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-040"
},
{
"db": "NVD",
"id": "CVE-2003-0168"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL. Apple\u0027s QuickTime Player is a player for files and streaming media in the QuickTime format. Versions of the player are available for both the Microsoft Windows and Apple MacOS platforms. It has been reported that the QuickTime Player does not properly handle some types of URLs. Apple QuickTime Player is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. When the player processes the QuickTime URL, the application will extract the key value HKEY_CLASSES_ROOT/quicktime from the Windows registry key: \\\\%PATH TO QUICKTIME\\\\%\\QuickTimePlayer.exe -u\\\"\\\\%1\\\" When the URL contains 400 character will destroy the buffer space allocated in the stack and overwrite the saved instruction pointer",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0168"
},
{
"db": "CERT/CC",
"id": "VU#112553"
},
{
"db": "BID",
"id": "7247"
},
{
"db": "VULHUB",
"id": "VHN-6998"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#112553",
"trust": 2.5
},
{
"db": "BID",
"id": "7247",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2003-0168",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "10561",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200304-040",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20030401 IDEFENSE SECURITY ADVISORY 03.31.03: BUFFER OVERFLOW IN WINDOWS QUICKTIME PLAYER",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030401 FWD: QUICKTIME 6.1 FOR WINDOWS IS AVAILABLE",
"trust": 0.6
},
{
"db": "VULNWATCH",
"id": "20030331 IDEFENSE SECURITY ADVISORY 03.31.03: BUFFER OVERFLOW IN WINDOWS QUICKTIME PLAYER",
"trust": 0.6
},
{
"db": "XF",
"id": "11671",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-6998",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#112553"
},
{
"db": "VULHUB",
"id": "VHN-6998"
},
{
"db": "BID",
"id": "7247"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-040"
},
{
"db": "NVD",
"id": "CVE-2003-0168"
}
]
},
"id": "VAR-200304-0024",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6998"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:21:58.277000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0168"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/7247"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/112553"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/mhonarc/security-announce/msg00027.html"
},
{
"trust": 1.7,
"url": "http://www.idefense.com/advisory/03.31.03.txt"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/10561"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0166.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/317141/30/25220/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/317148/30/25220/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11671"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/11671"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/317148/30/25220/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/317141/30/25220/threaded"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://www.idefense.com/application/poi/display?id=15\u0026type=vulnerabilities"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#112553"
},
{
"db": "VULHUB",
"id": "VHN-6998"
},
{
"db": "BID",
"id": "7247"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-040"
},
{
"db": "NVD",
"id": "CVE-2003-0168"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#112553"
},
{
"db": "VULHUB",
"id": "VHN-6998"
},
{
"db": "BID",
"id": "7247"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-040"
},
{
"db": "NVD",
"id": "CVE-2003-0168"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-04-01T00:00:00",
"db": "CERT/CC",
"id": "VU#112553"
},
{
"date": "2003-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-6998"
},
{
"date": "2003-03-31T00:00:00",
"db": "BID",
"id": "7247"
},
{
"date": "2003-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200304-040"
},
{
"date": "2003-04-02T05:00:00",
"db": "NVD",
"id": "CVE-2003-0168"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-04-01T00:00:00",
"db": "CERT/CC",
"id": "VU#112553"
},
{
"date": "2018-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-6998"
},
{
"date": "2009-07-11T21:06:00",
"db": "BID",
"id": "7247"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200304-040"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2003-0168"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200304-040"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime Player for Windows contains buffer overflow in processing of overly long QuickTime URLs",
"sources": [
{
"db": "CERT/CC",
"id": "VU#112553"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "7247"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-040"
}
],
"trust": 0.9
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.