9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.97 High
EPSS
Percentile
99.7%
Added: 11/16/2012
CVE: CVE-2012-3753
BID: 56438
OSVDB: 87088
QuickTime is a media player for Windows and Mac OS platforms.
A buffer overflow vulnerability in the QuickTime plugin allows command execution when a malicious web site sends a long, specially crafted MIME type.
Upgrade to QuickTime 7.7.3 or higher.
<http://support.apple.com/kb/HT5581>
Exploit works on QuickTime 7.7.2 on Windows XP SP3 English (DEP OptIn) with Firefox 3.6.25 and 14.0.1 and requires a user to open the exploit page in Firefox.
Windows