CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.97 High
Percentile: 99.8%
Added: 12/24/2012
CVE: CVE-2012-3752
BID: 56557
OSVDB: 87087
QuickTime is a media player for Windows and Mac OS platforms.
Apple QuickTime 7.7.2 and earlier is vulnerable to remote code execution due to a failure to perform appropriate boundary checking. A remote attacker who persuades a vulnerable user to open a specially crafted TeXML file could execute arbitrary code with the rights of the compromised user.
Upgrade to Apple QuickTime 7.7.3 or later.
<http://support.apple.com/kb/HT5581>
<http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html>
This exploit has been tested against Apple QuickTime 7.7.2 on Microsoft Windows XP SP3 English (DEP OptIn).
The user with the vulnerable version of QuickTime must open a specially crafted TeXML file in Internet Explorer 7.
Windows