Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file.
{"securityvulns": [{"lastseen": "2018-08-31T11:10:42", "description": "ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code\r\nExecution Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-316\r\nOctober 27, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-3251\r\n\r\n-- CVSS:\r\n7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P\r\n\r\n-- Affected Vendors:\r\n\r\nApple\r\n\r\n\r\n\r\n-- Affected Products:\r\n\r\nApple Quicktime\r\n\r\n\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple Quicktime. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the way Quicktime processes the matrix\r\nstructures in the 'tkhd' atom for mp4 files. When the matrix structure\r\ncontains large values a movs instruction can turn the value negative.\r\nWhen Quicktime later uses the function to determine where it should\r\nwrite its data it does check the upper boundaries, but not the lower\r\nones causing a heap buffer underwrite. This can result in remote code\r\nexecution under the context of the current user.\r\n\r\n-- Vendor Response:\r\n\r\nApple has issued an update to correct this vulnerability. 
More details\r\ncan be found at:\r\n\r\nhttp://support.apple.com/kb/HT5016\r\n\r\n\r\n\r\n-- Disclosure Timeline:\r\n2011-07-20 - Vulnerability reported to vendor\r\n2011-10-27 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n\r\n* Damian Put\r\n\r\n\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. 
Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "securityvulns", "title": "ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-3251"], "modified": "2011-10-31T00:00:00", "id": "SECURITYVULNS:DOC:27229", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27229", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-10-26-1 QuickTime 7.7.1\r\n\r\nQuickTime 7.7.1 is now available and addresses the following:\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nH.264 encoded movie files. For OS X Lion systems, this issue is\r\naddressed in OS X Lion v10.7.2. 
For Mac OS X v10.6 systems, this\r\nissue is addressed in Security Update 2011-006.\r\nCVE-ID\r\nCVE-2011-3219 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to the\r\ndisclosure of memory contents\r\nDescription: An uninitialized memory access issue existed in\r\nQuickTime's handling of URL data handlers within movie files. For OS\r\nX Lion systems, this issue is addressed in OS X Lion v10.7.2. For Mac\r\nOS X v10.6 systems, this issue is addressed in Security Update\r\n2011-006.\r\nCVE-ID\r\nCVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An implementation issue existed in QuickTime's handling\r\nof the atom hierarchy within a movie file. For OS X Lion systems,\r\nthis issue is addressed in OS X Lion v10.7.2. For Mac OS X v10.6\r\nsystems, this issue is addressed in Security Update 2011-006.\r\nCVE-ID\r\nCVE-2011-3221 : an anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: An attacker in a privileged network position may inject\r\nscript in the local domain when viewing template HTML\r\nDescription: A cross-site scripting issue existed in QuickTime\r\nPlayer's "Save for Web" export. The template HTML files generated by\r\nthis feature referenced a script file from a non-encrypted origin. An\r\nattacker in a privileged network position may be able to inject\r\nmalicious scripts in the local domain if the user views a template\r\nfile locally. This issue is addressed by removing the reference to an\r\nonline script. This issue does not affect OS X Lion systems. 
For Mac\r\nOS X v10.6 systems, this issue is addressed in Security Update\r\n2011-006.\r\nCVE-ID\r\nCVE-2011-3218 : Aaron Sigel of vtty.com\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted FlashPix file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nFlashPix files. For OS X Lion systems, this issue is addressed in OS\r\nX Lion v10.7.2. For Mac OS X v10.6 systems, this issue is addressed\r\nin Security Update 2011-006.\r\nCVE-ID\r\nCVE-2011-3222 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nFLIC files. For OS X Lion systems, this issue is addressed in OS X\r\nLion v10.7.2. For Mac OS X v10.6 systems, this issue is addressed in\r\nSecurity Update 2011-006.\r\nCVE-ID\r\nCVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in\r\nQuickTime's handling of movie files. For OS X Lion systems, these\r\nissues are addressed in OS X Lion v10.7.2. 
For Mac OS X v10.6\r\nsystems, these issues are addressed in Security Update 2011-006.\r\nCVE-ID\r\nCVE-2011-3228 : Apple\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted PICT file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow issue existed in the handling of\r\nPICT files. This issue does not affect Mac OS X systems.\r\nCVE-ID\r\nCVE-2011-3247 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A signedness issue existed in the handling of font\r\ntables embedded in QuickTime movie files.\r\nCVE-ID\r\nCVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow issue existed in the handling of FLC\r\nencoded movie files.\r\nCVE-ID\r\nCVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow issue existed in the handling of\r\nJPEG2000 encoded movie files.\r\nCVE-ID\r\nCVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue 
existed in the handling of\r\nTKHD atoms in QuickTime movie files. This issue does not affect Mac\r\nOS X systems.\r\nCVE-ID\r\nCVE-2011-3251 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\n\r\nQuickTime 7.7.1 may be obtained from the QuickTime Downloads site:\r\nhttp://www.apple.com/quicktime/download/\r\n\r\nThe download file is named: "QuickTimeInstaller.exe"\r\nIts SHA-1 digest is: 9bf0e5da752663d1b8d8a415f938dc2d3b04eee5\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "securityvulns", "title": "APPLE-SA-2011-10-26-1 QuickTime 7.7.1", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-3221", "CVE-2011-3249", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3248", "CVE-2011-3220", "CVE-2011-3228", "CVE-2011-3247", "CVE-2011-3251", "CVE-2011-3219", "CVE-2011-3250", "CVE-2011-3218"], "modified": "2011-10-31T00:00:00", "id": "SECURITYVULNS:DOC:27218", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27218", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:10:38", "description": "Multiple memory corruption on 
different multimedia formats parsing, cross-site scripting.", "cvss3": {}, "published": "2012-08-20T00:00:00", "type": "securityvulns", "title": "Apple QuickTime multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-3221", "CVE-2011-3249", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3248", "CVE-2011-3220", "CVE-2011-3228", "CVE-2011-3247", "CVE-2011-3251", "CVE-2011-3219", "CVE-2011-3250", "CVE-2011-3218"], "modified": "2012-08-20T00:00:00", "id": "SECURITYVULNS:VULN:12002", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12002", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:58:42", "description": "BUGTRAQ ID: 50403\r\nCVE ID: CVE-2011-3251\r\n\r\nQuickTime is a multimedia framework developed by Apple Computer that can handle many digital video, media clip, sound, text, animation and music formats, as well as several types of interactive panoramic imagery.\r\n\r\nApple QuickTime versions before 7.7.1 contain a remote code execution vulnerability when handling specially crafted video files; an attacker can exploit this vulnerability to execute arbitrary code with the privileges of the current user, causing the application to terminate unexpectedly. This vulnerability does not affect Mac OS X systems.\n\nApple QuickTime Player 7.x\nVendor patch:\r\n\r\nApple\r\n-----\r\nThe vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:\r\n\r\nhttp://support.apple.com/", "cvss3": 
{}, "published": "2011-10-28T00:00:00", "title": "Apple QuickTime before 7.7.1 TKHD element handling remote code execution vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-3251"], "modified": "2011-10-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-23145", "id": "SSV:23145", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2023-05-26T15:22:36", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime processes the matrix structures in the 'tkhd' atom for mp4 files. When the matrix structure contains large values a movs instruction can turn the value negative. When Quicktime later uses the function to determine where it should write its data it does check the upper boundaries, but not the lower ones causing a heap buffer underwrite. 
This can result in remote code execution under the context of the current user.", "cvss3": {}, "published": "2011-10-27T00:00:00", "type": "zdi", "title": "Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3251"], "modified": "2011-10-27T00:00:00", "id": "ZDI-11-316", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-316/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T14:23:25", "description": "Versions of QuickTime earlier than 7.7.1 are potentially affected by multiple vulnerabilities :\n\n - A buffer overflow exists in the handling of H.264 encoded movie files. (CVE-2011-3219)\n\n - An uninitialized memory access issue exists in the handling of URL data handlers within movie files. (CVE-2011-3220)\n\n - An implementation issue exists in the handling of the atom hierarchy within a movie file. (CVE-2011-3221)\n\n - A cross-site scripting issue exists in the Save for Web export. (CVE-2011-3218)\n\n - A buffer overflow exists in the handling of FlashPix files. (CVE-2011-3222)\n\n - A buffer overflow exists in the handling of FLIC files. (CVE-2011-3223)\n\n - Multiple memory corruption issues exist in the handling of movie files. (CVE-2011-3228)\n\n - An integer overflow issue exists in the handling of PICT files. 
(CVE-2011-3247)\n\n - A signedness issue exists in the handling of font tables embedded in QuickTime movie files.\n\n - A buffer overflow issue exists in the handling of FLC encoded movie files. (CVE-2011-3249)\n\n - An integer overflow issue exists in the handling of JPEG2000 encoded movie files. (CVE-2011-3250)\n\n - A memory corruption issue exists in the handling of TKHD atoms in QuickTime movie files. (CVE-2011-3251)", "cvss3": {}, "published": "2011-10-27T00:00:00", "type": "nessus", "title": "QuickTime < 7.7.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3218", "CVE-2011-3219", "CVE-2011-3220", "CVE-2011-3221", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3228", "CVE-2011-3247", "CVE-2011-3249", "CVE-2011-3250", "CVE-2011-3251"], "modified": "2011-10-27T00:00:00", "cpe": [], "id": "801196.PRM", "href": "https://www.tenable.com/plugins/lce/801196", "sourceData": "Binary data 801196.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:27", "description": "Versions of QuickTime earlier than 7.7.1 are potentially affected by multiple vulnerabilities :\n\n - A buffer overflow exists in the handling of H.264 encoded movie files. (CVE-2011-3219)\n\n - An uninitialized memory access issue exists in the handling of URL data handlers within movie files. (CVE-2011-3220)\n\n - An implementation issue exists in the handling of the atom hierarchy within a movie file. (CVE-2011-3221)\n\n - A cross-site scripting issue exists in the Save for Web export. (CVE-2011-3218)\n\n - A buffer overflow exists in the handling of FlashPix files. (CVE-2011-3222)\n\n - A buffer overflow exists in the handling of FLIC files. (CVE-2011-3223)\n\n - Multiple memory corruption issues exist in the handling of movie files. (CVE-2011-3228)\n\n - An integer overflow issue exists in the handling of PICT files. 
(CVE-2011-3247)\n\n - A signedness issue exists in the handling of font tables embedded in QuickTime movie files.\n\n - A buffer overflow issue exists in the handling of FLC encoded movie files. (CVE-2011-3249)\n\n - An integer overflow issue exists in the handling of JPEG2000 encoded movie files. (CVE-2011-3250)\n\n - A memory corruption issue exists in the handling of TKHD atoms in QuickTime movie files. (CVE-2011-3251)", "cvss3": {}, "published": "2011-10-27T00:00:00", "type": "nessus", "title": "QuickTime < 7.7.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3218", "CVE-2011-3219", "CVE-2011-3220", "CVE-2011-3221", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3228", "CVE-2011-3247", "CVE-2011-3249", "CVE-2011-3250", "CVE-2011-3251"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:apple:quicktime"], "id": "6052.PRM", "href": "https://www.tenable.com/plugins/nnm/6052", "sourceData": "Binary data 6052.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:39", "description": "The version of QuickTime installed on the remote Windows host is older than 7.7.1 and may be affected by the following vulnerabilities :\n\n - A cross-site scripting issue exists in HTML files generated by the 'Save for Web' export feature.\n (CVE-2011-3218)\n\n - A buffer overflow error exists in the handling of H.264 encoded video files. (CVE-2011-3219)\n\n - An error exists in the processing of URL data handlers in movie files and can allow access to uninitialized areas of memory. (CVE-2011-3220)\n\n - An error exists in the handling of the 'atoms' hierarchy as well as 'TKHD atoms' in movie files.\n (CVE-2011-3221, CVE-2011-3251)\n\n - Buffer overflow errors exist in the processing of FlashPix, FLIC, PICT and FLC-encoded files. (CVE-2011-3222, CVE-2011-3223, CVE-2011-3247, CVE-2011-3249)\n\n - An unspecified error can allow memory corruption when viewing certain video files. 
(CVE-2011-3228)\n\n - An error related to signedness exists in the handling of font tables in QuickTime video files. (CVE-2011-3248)\n\n - An integer overflow error exists in the handling of JPEG2000 encoded video files. (CVE-2011-3250)", "cvss3": {}, "published": "2011-10-28T00:00:00", "type": "nessus", "title": "QuickTime < 7.7.1 Multiple Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3218", "CVE-2011-3219", "CVE-2011-3220", "CVE-2011-3221", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3228", "CVE-2011-3247", "CVE-2011-3248", "CVE-2011-3249", "CVE-2011-3250", "CVE-2011-3251"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:apple:quicktime"], "id": "QUICKTIME_771.NASL", "href": "https://www.tenable.com/plugins/nessus/56667", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56667);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\n \"CVE-2011-3218\",\n \"CVE-2011-3219\",\n \"CVE-2011-3220\",\n \"CVE-2011-3221\",\n \"CVE-2011-3222\",\n \"CVE-2011-3223\",\n \"CVE-2011-3228\",\n \"CVE-2011-3247\",\n \"CVE-2011-3248\",\n \"CVE-2011-3249\",\n \"CVE-2011-3250\",\n \"CVE-2011-3251\"\n );\n script_bugtraq_id(\n 50068,\n 50100,\n 50101,\n 50122,\n 50127,\n 50130,\n 50131,\n 50399,\n 50400,\n 50401,\n 50403,\n 50404\n );\n\n script_name(english:\"QuickTime < 7.7.1 Multiple Vulnerabilities (Windows)\");\n script_summary(english:\"Checks version of QuickTime on Windows\");\n \n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains an application that may be affected\nby multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of QuickTime installed on the remote Windows host is\nolder than 7.7.1 and may be affected by the following \nvulnerabilities :\n\n - A cross-site scripting issue exists in HTML files\n generated 
by the 'Save for Web' export feature.\n (CVE-2011-3218)\n\n - A buffer overflow error exists in the handling of\n H.264 encoded video files. (CVE-2011-3219)\n\n - An error exists in the processing of URL data handlers \n in movie files and can allow access to uninitialized \n areas of memory. (CVE-2011-3220)\n\n - An error exists in the handling of the 'atoms' \n hierarchy as well as 'TKHD atoms' in movie files.\n (CVE-2011-3221, CVE-2011-3251)\n\n - Buffer overflow errors exist in the processing of\n of FlashPix, FLIC, PICT and FLC-encoded files. \n (CVE-2011-3222, CVE-2011-3223, CVE-2011-3247, \n CVE-2011-3249)\n\n - An unspecified error can allow memory corruption when\n viewing certain video files. (CVE-2011-3228)\n\n - An error related to signedness exists in the handling \n of font tables in QuickTime video files. (CVE-2011-3248)\n\n - An integer overflow error exists in the handling of \n JPEG2000 encoded video files. (CVE-2011-3250)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-295/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-303/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-312/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-313/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-314/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-315/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-316/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-136/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/523931/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT5016\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to QuickTime 7.7.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:quicktime\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"quicktime_installed.nasl\");\n script_require_keys(\"SMB/QuickTime/Version\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nkb_base = \"SMB/QuickTime/\";\n\nversion = get_kb_item_or_exit(kb_base+\"Version\");\nversion_ui = get_kb_item(kb_base+\"Version_UI\");\n\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui;\n\nfixed_version = \"7.71.80.42\";\nfixed_version_ui = \"7.7.1 (1680.42)\";\n\nif 
(ver_compare(ver:version, fix:fixed_version) == -1)\n{\n set_kb_item(name: 'www/0/XSS', value: TRUE);\n if (report_verbosity > 0)\n {\n path = get_kb_item(kb_base+\"Path\");\n if (isnull(path)) path = 'n/a';\n\n report =\n '\\n Path : '+path+\n '\\n Installed version : '+version_report+\n '\\n Fixed version : '+fixed_version_ui+'\\n';\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n exit(0);\n}\nelse exit(0, \"The QuickTime \"+version_report+\" install on the host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2020-03-03T21:01:07", "description": "The host is installed with Apple QuickTime and is prone to multiple\n denial of service vulnerabilities.", "cvss3": {}, "published": "2011-11-03T00:00:00", "type": "openvas", "title": "Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3221", "CVE-2011-3249", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3248", "CVE-2011-3220", "CVE-2011-3228", "CVE-2011-3247", "CVE-2011-3251", "CVE-2011-3219", "CVE-2011-3428", "CVE-2011-3250", "CVE-2011-3218"], "modified": "2020-02-28T00:00:00", "id": "OPENVAS:1361412562310802198", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802198", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT 
ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:quicktime\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802198\");\n script_version(\"2020-02-28T13:41:47+0000\");\n script_cve_id(\"CVE-2011-3219\", \"CVE-2011-3220\", \"CVE-2011-3221\", \"CVE-2011-3218\",\n \"CVE-2011-3222\", \"CVE-2011-3223\", \"CVE-2011-3228\", \"CVE-2011-3247\",\n \"CVE-2011-3248\", \"CVE-2011-3249\", \"CVE-2011-3250\", \"CVE-2011-3251\",\n \"CVE-2011-3428\");\n script_bugtraq_id(50068, 50130, 50131, 50122, 50100, 50101, 50127, 50399, 50400,\n 50404, 50401, 50403);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-28 13:41:47 +0000 (Fri, 28 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-11-03 12:22:48 +0100 (Thu, 03 Nov 2011)\");\n script_name(\"Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5016\");\n script_xref(name:\"URL\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-314/\");\n script_xref(name:\"URL\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-315/\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_apple_quicktime_detection_win_900124.nasl\");\n 
script_mandatory_keys(\"QuickTime/Win/Ver\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code or\n cause a denial of service via crafted files.\");\n\n script_tag(name:\"affected\", value:\"QuickTime Player version prior to 7.7.1.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - A integer overflow while handling the PICT files and JPEG2000 encoded\n movie files.\n\n - A signedness issue existed in the handling of font tables embedded in\n QuickTime movie files.\n\n - A buffer overflow issue while handling FLIC files, FlashPix files and FLC\n and RLE encoded movie files.\n\n - A memory corruption issue, while handling of TKHD atoms in QuickTime\n movie files.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to QuickTime Player version 7.7.1 or later.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Apple QuickTime and is prone to multiple\n denial of service vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less(version:vers, test_version:\"7.7.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"7.7.1\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-04T14:19:36", "description": "The host is installed with Apple QuickTime and is prone to multiple\n denial of service vulnerabilities.", "cvss3": {}, "published": "2011-11-03T00:00:00", "type": "openvas", "title": "Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3221", "CVE-2011-3249", 
"CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3248", "CVE-2011-3220", "CVE-2011-3228", "CVE-2011-3247", "CVE-2011-3251", "CVE-2011-3219", "CVE-2011-3428", "CVE-2011-3250", "CVE-2011-3218"], "modified": "2017-08-28T00:00:00", "id": "OPENVAS:802198", "href": "http://plugins.openvas.org/nasl.php?oid=802198", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_quicktime_mult_dos_vuln_win_nov11.nasl 7015 2017-08-28 11:51:24Z teissa $\n#\n# Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code or\n cause a denial of service via crafted files.\n Impact Level: System/Application\";\ntag_affected = \"QuickTime Player version prior to 7.7.1\";\ntag_insight = \"The flaws are due to\n - An integer overflow while handling the PICT files and JPEG2000 encoded\n movie files.\n - A signedness issue existed in the handling of font tables embedded in\n QuickTime movie files.\n - A buffer overflow issue while handling FLIC files, FlashPix files and FLC\n and RLE encoded movie files.\n - A memory corruption issue while handling TKHD atoms in QuickTime\n movie files.\";\ntag_solution = \"Upgrade to QuickTime Player version 7.7.1 or later,\n For updates refer to http://www.apple.com/quicktime/download/\";\ntag_summary = \"The host is installed with Apple QuickTime and is prone to multiple\n denial of service vulnerabilities.\";\n\nif(description)\n{\n script_id(802198);\n script_version(\"$Revision: 7015 $\");\n script_cve_id(\"CVE-2011-3219\", \"CVE-2011-3220\", \"CVE-2011-3221\", \"CVE-2011-3218\",\n \"CVE-2011-3222\", \"CVE-2011-3223\", \"CVE-2011-3228\", \"CVE-2011-3247\",\n \"CVE-2011-3248\", \"CVE-2011-3249\", \"CVE-2011-3250\", \"CVE-2011-3251\",\n \"CVE-2011-3428\");\n script_bugtraq_id(50068, 50130, 50131, 50122, 50100, 50101, 50127, 50399, 50400,\n 50404, 50401, 50403);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-28 13:51:24 +0200 (Mon, 28 Aug 2017) $\");\n 
script_tag(name:\"creation_date\", value:\"2011-11-03 12:22:48 +0100 (Thu, 03 Nov 2011)\");\n script_name(\"Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5016\");\n script_xref(name : \"URL\" , value : \"http://www.zerodayinitiative.com/advisories/ZDI-11-314/\");\n script_xref(name : \"URL\" , value : \"http://www.zerodayinitiative.com/advisories/ZDI-11-315/\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_apple_quicktime_detection_win_900124.nasl\");\n script_require_keys(\"QuickTime/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nquickVer = get_kb_item(\"QuickTime/Win/Ver\");\nif(!quickVer){\n exit(0);\n}\n\n## Check for QuickTime Player Version less than 7.7.1\nif(version_is_less(version:quickVer, test_version:\"7.7.1\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}