ID
VAR-200209-0001
CVE
CVE-2002-0376
TITLE
Apple QuickTime ActiveX Remote buffer overflow vulnerability
Trust: 0.6
DESCRIPTION
Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote attackers to execute arbitrary code via a long pluginspage field. A vulnerability has been reported in the Apple QuickTime ActiveX component for Internet Explorer. The issue is a buffer-overrun condition that occurs because the software fails to perform adequate boundary checks of supplied arguments. If the component is invoked with the 'pluginspage' argument set to an overly long string value, the overrun will occur. Successful exploits may allow attacker-supplied instructions to run on affected client systems. Apple QuickTime is a media player that provides high-quality sound and images. The Apple QuickTime ActiveX control is generally used for movie tracking and other streaming and static media technology processing when embedded in a WEB page. This control lacks correct checks on the buffer boundary when processing the \"pluginspage\" field, and remote attackers can use it to build malicious WEB pages, or sending HTML emails to entice users to open them, can cause buffer overflows on the client side. Carefully constructed \"pluginspage\" field data may execute arbitrary instructions on the system with the permissions of the current user process
Trust: 1.26
AFFECTED PRODUCTS
| vendor: | apple | model: | quicktime | scope: | eq | version: | 5.0.2 | Trust: 1.6 |
| vendor: | apple | model: | quicktime activex component | scope: | eq | version: | 5.0.2 | Trust: 0.3 |
| vendor: | apple | model: | quicktime activex component | scope: | ne | version: | 6.0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Boundary Condition Error
Trust: 0.9
EXTERNAL IDS
| db: | NVD | id: | CVE-2002-0376 | Trust: 2.0 |
| db: | BID | id: | 5685 | Trust: 2.0 |
| db: | CNNVD | id: | CNNVD-200209-047 | Trust: 0.7 |
| db: | BUGTRAQ | id: | 20020925 FWD: QUICKTIME FOR WINDOWS ACTIVEX SECURITY ADVISORY | Trust: 0.6 |
| db: | XF | id: | 10077 | Trust: 0.6 |
| db: | ATSTAKE | id: | A091002-1 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-4769 | Trust: 0.1 |
REFERENCES
| url: | http://www.atstake.com/research/advisories/2002/a091002-1.txt | Trust: 1.7 |
| url: | http://www.securityfocus.com/bid/5685 | Trust: 1.7 |
| url: | http://online.securityfocus.com/archive/1/293095 | Trust: 1.7 |
| url: | http://www.iss.net/security_center/static/10077.php | Trust: 1.7 |
CREDITS
@stake advisories※ advisories@atstake.com
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-4769 |
| db: | BID | id: | 5685 |
| db: | CNNVD | id: | CNNVD-200209-047 |
| db: | NVD | id: | CVE-2002-0376 |
LAST UPDATE DATE
2025-04-03T22:19:26.524000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-4769 | date: | 2008-09-10T00:00:00 |
| db: | BID | id: | 5685 | date: | 2008-03-27T16:19:00 |
| db: | CNNVD | id: | CNNVD-200209-047 | date: | 2005-05-13T00:00:00 |
| db: | NVD | id: | CVE-2002-0376 | date: | 2025-04-03T01:03:51.193 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-4769 | date: | 2002-09-24T00:00:00 |
| db: | BID | id: | 5685 | date: | 2002-09-10T00:00:00 |
| db: | CNNVD | id: | CNNVD-200209-047 | date: | 2002-09-24T00:00:00 |
| db: | NVD | id: | CVE-2002-0376 | date: | 2002-09-24T04:00:00 |