Lucene search

SAINT CorporationSAINT:39C1AA350C88B18FBDC56128B19FF6FC

HistoryNov 16, 2012 - 12:00 a.m.

QuickTime plugin MIME type buffer overflow

2012-11-1600:00:00

SAINT Corporation

download.saintcorporation.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.6%

JSON

Added: 11/16/2012
CVE: CVE-2012-3753
BID: 56438
OSVDB: 87088

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

A buffer overflow vulnerability in the QuickTime plugin allows command execution when a malicious web site sends a long, specially crafted MIME type.

Resolution

Upgrade to QuickTime 7.7.3 or higher.

References

<http://support.apple.com/kb/HT5581>

Limitations

Exploit works on QuickTime 7.7.2 on Windows XP SP3 English (DEP OptIn) with Firefox 3.6.25 and 14.0.1 and requires a user to open the exploit page in Firefox.

Platforms

Windows

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.6%

JSON

Related for SAINT:39C1AA350C88B18FBDC56128B19FF6FC