9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Added: 08/01/2013
CVE: CVE-2013-1017
BID: 60097
OSVDB: 93625
QuickTime is a media player for Windows and Mac OS platforms.
Apple QuickTime before 7.7.4 is vulnerable to remote code execution due to a failure to perform appropriate validation of user supplied input. A remote attacker who persuades a vulnerable user to open a movie file with specially crafted **dref**
atoms could execute arbitrary code with the rights of the compromised user.
Upgrade to Apple QuickTime 7.7.4 or later.
<http://support.apple.com/kb/HT5770>
This exploit was tested against Apple QuickTime 7.7.3 on Windows XP SP3 English (DEP OptIn).
The user must open the exploit in Internet Explorer 8.
Windows