CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Percentile: 95.8%
Added: 07/25/2012
CVE: CVE-2012-0666
BID: 53577
OSVDB: 81937
Apple QuickTime is a media player for Windows and Mac OS platforms.
The QuickTime player browser plugin does not properly validate the language field in QT Movie files. If a malicious QT Movie file were opened via a browser, this could trigger a stack overflow and give an attacker the ability to execute arbitrary code on the target's system.
Upgrade to Apple QuickTime Player 7.7.2 or higher.
<http://www.zerodayinitiative.com/advisories/ZDI-12-125/>
<http://lists.apple.com/archives/security-announce/2012/May/msg00005.html>
This exploit has been tested against Apple QuickTime 7.7.1 on Windows XP SP3 English (DEP OptIn). The HTML page must be opened using Internet Explorer 8 on the target.
Windows