Lucene search

K

SAINT CorporationSAINT:F0F03BEC42353521491B3E0FEC5724EE

HistoryDec 24, 2012 - 12:00 a.m.

Apple QuickTime TeXML Style Element Buffer Overflow

2012-12-2400:00:00

SAINT Corporation

my.saintcorporation.com

18

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.97 High

EPSS

Percentile

99.8%

Added: 12/24/2012
CVE: CVE-2012-3752
BID: 56557
OSVDB: 87087

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

Apple QuickTime 7.7.2 and earlier is vulnerable to remote code execution due to a failure to perform appropriate boundary checking. A remote attacker who persuades a vulnerable user to open a specially crafted TeXML file could execute arbitrary code with the rights of the compromised user.

Resolution

Upgrade to Apple QuickTime 7.7.3 or later.

References

<http://support.apple.com/kb/HT5581>
<http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html>

Limitations

This exploit has been tested against Apple Quicktime 7.7.2 on Microsoft Windows XP SP3 English (DEP OptIn).

The user with the vulnerable version of QuickTime must open a specially crafted TeXML file in Internet Explorer 7.

Platforms

Windows

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.97 High

EPSS

Percentile

99.8%

Related for SAINT:F0F03BEC42353521491B3E0FEC5724EE

nvd1 saint3 cvelist1 checkpoint_advisories1 cve1 packetstorm1 prion1 seebug1 openvas2 securityvulns2 nessus3 threatpost1