SAINT Corporation
SAINT:D1522FE0B374B2A0AC4345CF8D28C46F
Nov 16, 2012 - 12:00 a.m.

QuickTime plugin MIME type buffer overflow

my.saintcorporation.com

CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.97 High
Percentile: 99.7%

Added: 11/16/2012
CVE: CVE-2012-3753
BID: 56438
OSVDB: 87088

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

A buffer overflow vulnerability in the QuickTime plugin allows command execution when a malicious web site sends a long, specially crafted MIME type.

Resolution

Upgrade to QuickTime 7.7.3 or higher.

References

<http://support.apple.com/kb/HT5581>

Limitations

Exploit works on QuickTime 7.7.2 on Windows XP SP3 English (DEP OptIn) with Firefox 3.6.25 and 14.0.1 and requires a user to open the exploit page in Firefox.

Platforms

Windows
