Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:61D608A80FB0024ECD1423DF0A7E5F5B
HistoryJul 25, 2012 - 12:00 a.m.

Apple QuickTime SetLanguage Overflow

2012-07-2500:00:00
SAINT Corporation
download.saintcorporation.com
13

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.146

Percentile

95.8%

JSON

Added: 07/25/2012
CVE: CVE-2012-0666
BID: 53577
OSVDB: 81937

Background

Apple QuickTime is a media player for Windows and Mac OS platforms.

Problem

The QuickTime player browser plugin does not properly validate the language field in QT Movie files. If a malicious QT Movie file were opened via a browser, this could trigger a stack overflow and give an attacker the ability to execute arbitrary code on the target’s system.

Resolution

Upgrade to Apple QuickTime Player 7.7.2 or higher.

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-125/&gt;
<http://lists.apple.com/archives/security-announce/2012/May/msg00005.html&gt;

Limitations

This exploit has been tested against Apple QuickTime 7.7.1 on Windows XP SP3 English (DEP OptIn). The HTML page must be opened using Internet Explorer 8 on the target.

Platforms

Windows

Related

checkpoint_advisories 1
cvelist 1
securityvulns 3
cve 1
saint 3
nvd 1
prion 1
zdi 1
seebug 1
nessus 3
openvas 2
checkpoint_advisories
checkpoint_advisories
Apple QuickTime Plugin SetLanguage Buffer Overflow (CVE-2012-0666)
2012-10-14 00:00:00
cvelist
cvelist
CVE-2012-0666
2012-05-16 01:00:00
securityvulns
securityvulns
ZDI-12-125: Apple Quicktime QTPlugin SetLanguage Remote Code Execution Vulnerability
2012-07-16 00:00:00
APPLE-SA-2012-05-15-1 QuickTime 7.7.2
2012-05-21 00:00:00
Apple QuickTime multiple security vulnerabilities
2012-08-27 00:00:00
cve
cve
CVE-2012-0666
2012-05-16 10:12:57
saint
saint
Apple QuickTime SetLanguage Overflow
2012-07-25 00:00:00
Apple QuickTime SetLanguage Overflow
2012-07-25 00:00:00
Apple QuickTime SetLanguage Overflow
2012-07-25 00:00:00
nvd
nvd
CVE-2012-0666
2012-05-16 10:12:57
prion
prion
Stack overflow
2012-05-16 10:12:00
zdi
zdi
Apple Quicktime QTPlugin SetLanguage Remote Code Execution Vulnerability
2012-07-12 00:00:00
seebug
seebug
Apple QuickTime 7.7.2δΉ‹ε‰η‰ˆζœ¬ε€šδΈͺθΏœη¨‹δ»»ζ„δ»£η ζ‰§θ‘ŒζΌζ΄ž
2012-05-17 00:00:00
nessus
nessus
QuickTime < 7.7.2 Multiple Vulnerabilities
2012-05-18 00:00:00
QuickTime < 7.7.2 Multiple Vulnerabilities
2012-05-18 00:00:00
QuickTime < 7.7.2 Multiple Vulnerabilities (Windows)
2012-05-16 00:00:00
openvas
openvas
Apple QuickTime Multiple Vulnerabilities - (Windows)
2012-05-18 00:00:00
Apple QuickTime Multiple Vulnerabilities - Windows
2012-05-18 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.146

Percentile

95.8%

JSON
Related for SAINT:61D608A80FB0024ECD1423DF0A7E5F5B
checkpoint_advisories1cvelist1securityvulns3cve1saint3nvd1prion1zdi1seebug1nessus3openvas2