Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:7488E2C40CF64BFFA0E41586996F14D1
HistoryAug 01, 2013 - 12:00 a.m.

QuickTime Movie File dref Atom Handling Buffer Overflow

2013-08-0100:00:00
SAINT Corporation
my.saintcorporation.com
22

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON

Added: 08/01/2013
CVE: CVE-2013-1017
BID: 60097
OSVDB: 93625

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

Apple QuickTime before 7.7.4 is vulnerable to remote code execution due to a failure to perform appropriate validation of user supplied input. A remote attacker who persuades a vulnerable user to open a movie file with specially crafted **dref** atoms could execute arbitrary code with the rights of the compromised user.

Resolution

Upgrade to Apple QuickTime 7.7.4 or later.

References

<http://support.apple.com/kb/HT5770&gt;

Limitations

This exploit was tested against Apple QuickTime 7.7.3 on Windows XP SP3 English (DEP OptIn).

The user must open the exploit in Internet Explorer 8.

Platforms

Windows

Related

seebug 1
packetstorm 1
cve 1
zdi 1
saint 3
checkpoint_advisories 1
zdt 1
prion 1
securityvulns 2
nessus 3
openvas 2
kaspersky 1
seebug
seebug
Apple QuickTime η•Έε½’MOVζ–‡δ»Άε€„η†ηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž(CVE-2013-1017)
2013-08-05 00:00:00
packetstorm
packetstorm
Apple Quicktime 7 Invalid Atom Length Buffer Overflow
2013-07-18 00:00:00
cve
cve
CVE-2013-1017
2013-05-24 16:43:00
zdi
zdi
Apple QuickTime dref Volume Name Parsing Remote Code Execution Vulnerability
2013-05-30 00:00:00
saint
saint
QuickTime Movie File dref Atom Handling Buffer Overflow
2013-08-01 00:00:00
QuickTime Movie File dref Atom Handling Buffer Overflow
2013-08-01 00:00:00
QuickTime Movie File dref Atom Handling Buffer Overflow
2013-08-01 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple QuickTime alis Volume Name Parsing Stack Buffer Overflow (CVE-2013-1017)
2013-09-22 00:00:00
zdt
zdt
Apple Quicktime 7 Invalid Atom Length Buffer Overflow Vulnerability
2013-07-19 00:00:00
prion
prion
Buffer overflow
2013-05-24 16:43:00
securityvulns
securityvulns
Apple QuickTime multiple security vulnerabilities
2013-05-27 00:00:00
APPLE-SA-2013-05-22-1 QuickTime 7.7.4
2013-05-27 00:00:00
nessus
nessus
QuickTime < 7.7.4 Multiple Vulnerabilities (Windows)
2013-05-28 00:00:00
QuickTime < 7.7.4 Multiple Vulnerabilities (Windows)
2013-05-23 00:00:00
QuickTime < 7.7.4 Multiple Vulnerabilities (Windows) (deprecated)
2013-05-23 00:00:00
openvas
openvas
Apple QuickTime Multiple Vulnerabilities - June13 (Windows)
2013-06-07 00:00:00
Apple QuickTime Multiple Vulnerabilities (Jun 2013) - Windows
2013-06-07 00:00:00
kaspersky
kaspersky
KLA10017 Multiple vulnerabilities in Apple QuickTime
2013-05-22 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON
Related for SAINT:7488E2C40CF64BFFA0E41586996F14D1
seebug1packetstorm1cve1zdi1saint3checkpoint_advisories1zdt1prion1securityvulns2nessus3openvas2kaspersky1