Unrated severityNVD Advisory· Published Sep 18, 2008· Updated Apr 23, 2026
CVE-2008-4116
CVE-2008-4116
Description
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow.
Affected products
2- cpe:2.3:a:apple:itunes:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- securityreason.com/securityalert/4270nvd
- www.securityfocus.com/bid/31212nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/45311nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5936nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6113nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7995nvd
- www.exploit-db.com/exploits/6471nvd
News mentions
0No linked articles in our index yet.