Lucene search

K
kasperskyKaspersky LabKLA10653
HistoryMay 18, 2015 - 12:00 a.m.

KLA10653 Code execution vulnerability in QuickTime

2015-05-1800:00:00
Kaspersky Lab
threats.kaspersky.com
48

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.573

Percentile

97.7%

An unspecified vulnerability was found in QuickTime. By exploiting this vulnerability malicious users can cause denial of service or execute arbitrary code. This vulnerability can be exploited remotely via a specially designed file.

Original advisories

Apple advisory

Related products

Apple-QuickTime

CVE list

CVE-2015-5779 critical

CVE-2015-3791 high

CVE-2015-3790 high

CVE-2015-3792 high

CVE-2015-5751 high

CVE-2015-3789 high

CVE-2015-5785 high

CVE-2015-5786 high

CVE-2015-3788 high

Solution

Update to the latest version

Get Apple QuickTime

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

  • Apple QuickTime versions earlier than 7.7.8

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.573

Percentile

97.7%