Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:32367904EF590FCC6E6A788FADB11A13
HistoryAug 29, 2011 - 12:00 a.m.

QuickTime PICT PnSize Stack Overflow

2011-08-2900:00:00
SAINT Corporation
www.saintcorporation.com
15

0.965 High

EPSS

Percentile

99.5%

JSON

Added: 08/29/2011
CVE: CVE-2011-0257
BID: 49144
OSVDB: 74687

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

Apple QuickTime versions prior to 7.7 are vulnerable to a stack overflow cause by improper validation of very large values in the the PnSize field of PICT files.

Resolution

Upgrade to Apple QuickTime 7.7 or later.

References

<http://support.apple.com/kb/HT4826&gt;
<http://www.zerodayinitiative.com/advisories/ZDI-11-252/&gt;

Limitations

This exploit has been tested against Apple QuickTime Player 7.6.9 on Windows XP SP3 English (DEP OptIn).

Platforms

Windows

Related

seebug 3
prion 1
saint 3
metasploit 1
securityvulns 2
packetstorm 2
zdi 1
cvelist 1
checkpoint_advisories 1
cve 1
exploitdb 2
openvas 2
nessus 2
seebug
seebug
Apple QuickTime PICT文件栈缓冲区溢出漏洞
2011-08-15 00:00:00
QQPLAYER PICT PnSize Buffer Overflow WIN7 DEP_ASLR BYPASS
2011-11-21 00:00:00
Apple QuickTime PICT PnSize Buffer Overflow
2014-07-01 00:00:00
prion
prion
Integer overflow
2011-08-15 21:55:00
saint
saint
QuickTime PICT PnSize Stack Overflow
2011-08-29 00:00:00
QuickTime PICT PnSize Stack Overflow
2011-08-29 00:00:00
QuickTime PICT PnSize Stack Overflow
2011-08-29 00:00:00
metasploit
metasploit
Apple QuickTime PICT PnSize Buffer Overflow
2011-09-03 21:17:58
securityvulns
securityvulns
ZDI-11-252: Apple QuickTime PICT Image PnSize Opcode Remote Code Execution Vulnerability
2011-08-17 00:00:00
Apple QuickTime multiple security vulnerabilities
2011-09-05 00:00:00
packetstorm
packetstorm
Apple QuickTime PICT PnSize Buffer Overflow
2011-09-04 00:00:00
QQPLAYER PICT PnSize Buffer Overflow
2011-11-21 00:00:00
zdi
zdi
Apple QuickTime PICT Image PnSize Opcode Remote Code Execution Vulnerability
2011-08-08 00:00:00
cvelist
cvelist
CVE-2011-0257
2011-08-15 21:00:00
checkpoint_advisories
checkpoint_advisories
Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow (CVE-2011-0257)
2011-11-01 00:00:00
cve
cve
CVE-2011-0257
2011-08-15 21:55:00
exploitdb
exploitdb
QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows (ASLR + DEP Bypass) (Metasploit)
2011-11-21 00:00:00
Apple QuickTime - PICT PnSize Buffer Overflow (Metasploit)
2011-09-03 00:00:00
openvas
openvas
Apple QuickTime Multiple Buffer Overflow Vulnerabilities - Windows
2011-08-18 00:00:00
Apple QuickTime Multiple Buffer Overflow Vulnerabilities (Windows)
2011-08-18 00:00:00
nessus
nessus
QuickTime < 7.7 Multiple Vulnerabilities (Mac OS X)
2011-08-04 00:00:00
QuickTime < 7.7 Multiple Vulnerabilities (Windows)
2011-08-04 00:00:00

0.965 High

EPSS

Percentile

99.5%

JSON
Related for SAINT:32367904EF590FCC6E6A788FADB11A13
seebug3prion1saint3metasploit1securityvulns2packetstorm2zdi1cvelist1checkpoint_advisories1cve1exploitdb2openvas2nessus2