Vulners
Lucene search
Apple QuickTime < 7.7.79.80.95 - '.FPX' Parsing Memory Corruption (2)
| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
 | Apple QuickTime < 7.7.79.80.95 - FPX File Parsing Memory Corruption 2 | 30 Mar 201600:00 | – | zdt |
 | Mac OS X < 10.11.4 Multiple Vulnerabilities | 2 Sep 201600:00 | – | nessus |
| Mac OS X 10.11.x < 10.11.4 Multiple Vulnerabilities | 27 May 201600:00 | – | nessus |
| Mac OS X 10.11.x < 10.11.4 Multiple Vulnerabilities | 22 Mar 201600:00 | – | nessus |
 | About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 | 21 Mar 201600:00 | – | apple |
| About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 - Apple Support | 23 Jan 201703:54 | – | apple |
 | CVE-2016-1768 | 30 Mar 201600:00 | – | circl |
 | Apple OS X QuickTime memory corruption vulnerability (CNVD-2016-01898) | 25 Mar 201600:00 | – | cnvd |
 | CVE-2016-1768 | 24 Mar 201601:00 | – | cve |
 | CVE-2016-1768 | 24 Mar 201601:00 | – | cvelist |
10
#####################################################################################
Application: Apple Quicktime
Platforms: Windows, OSX
Versions: before version 7.7.79.80.95
Author: Francis Provencher of COSIG
Website: http://www.protekresearchlab.com/
Twitter: @COSIG_ @protekresearch
CVE-2016-1768
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#####################################################################################
===============
1) Introduction
===============
QuickTime is an extensible multimedia framework developed by Apple Inc., capable of handling various formats of digital video, picture, sound, panoramic images, and interactivity. The classic version of QuickTime is available for Windows Vista and later, as well as Mac OS X Leopard and later operating systems. A more recent version, QuickTime X, is currently available on Mac OS X Snow Leopard and newer.
(https://en.wikipedia.org/wiki/QuickTime)
#####################################################################################
============================
2) Report Timeline
============================
2016-01-07: Francis Provencher from COSIG report issue to Apple security team;
2016-01-13: Apple security team confirmed this issue;
2016-03-22: Apple fixed this issue;
https://support.apple.com/en-us/HT206167
#####################################################################################
============================
3) Technical details
============================
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime.
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
By providing a malformed FPX file, an attacker is able to create controlled memory corruption, and execute code in the context of the current user.
#####################################################################################
===========
4) POC
===========
http://protekresearchlab.com/exploits/COSIG-2016-15.fpx
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39634.zip
###############################################################################Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
30 Mar 2016 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 26.8
CVSS 37.8
EPSS0.08571