Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:F2757A9CDDEE99C0FB8D071F17962838
HistoryAug 29, 2011 - 12:00 a.m.

QuickTime PICT PnSize Stack Overflow

2011-08-2900:00:00
SAINT Corporation
download.saintcorporation.com
17

0.959 High

EPSS

Percentile

99.5%

JSON

Added: 08/29/2011
CVE: CVE-2011-0257
BID: 49144
OSVDB: 74687

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

Apple QuickTime versions prior to 7.7 are vulnerable to a stack overflow cause by improper validation of very large values in the the PnSize field of PICT files.

Resolution

Upgrade to Apple QuickTime 7.7 or later.

References

<http://support.apple.com/kb/HT4826&gt;
<http://www.zerodayinitiative.com/advisories/ZDI-11-252/&gt;

Limitations

This exploit has been tested against Apple QuickTime Player 7.6.9 on Windows XP SP3 English (DEP OptIn).

Platforms

Windows

Related

seebug 3
saint 3
cvelist 1
prion 1
metasploit 1
securityvulns 2
zdi 1
packetstorm 2
checkpoint_advisories 1
cve 1
exploitdb 2
openvas 2
nessus 2
seebug
seebug
QQPLAYER PICT PnSize Buffer Overflow WIN7 DEP_ASLR BYPASS
2011-11-21 00:00:00
Apple QuickTime PICTζ–‡δ»Άζ ˆηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž
2011-08-15 00:00:00
Apple QuickTime PICT PnSize Buffer Overflow
2014-07-01 00:00:00
saint
saint
QuickTime PICT PnSize Stack Overflow
2011-08-29 00:00:00
QuickTime PICT PnSize Stack Overflow
2011-08-29 00:00:00
QuickTime PICT PnSize Stack Overflow
2011-08-29 00:00:00
cvelist
cvelist
CVE-2011-0257
2011-08-15 21:00:00
prion
prion
Integer overflow
2011-08-15 21:55:00
metasploit
metasploit
Apple QuickTime PICT PnSize Buffer Overflow
2011-09-03 21:17:58
securityvulns
securityvulns
ZDI-11-252: Apple QuickTime PICT Image PnSize Opcode Remote Code Execution Vulnerability
2011-08-17 00:00:00
Apple QuickTime multiple security vulnerabilities
2011-09-05 00:00:00
zdi
zdi
Apple QuickTime PICT Image PnSize Opcode Remote Code Execution Vulnerability
2011-08-08 00:00:00
packetstorm
packetstorm
Apple QuickTime PICT PnSize Buffer Overflow
2011-09-04 00:00:00
QQPLAYER PICT PnSize Buffer Overflow
2011-11-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow (CVE-2011-0257)
2011-11-01 00:00:00
cve
cve
CVE-2011-0257
2011-08-15 21:55:01
exploitdb
exploitdb
QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows (ASLR + DEP Bypass) (Metasploit)
2011-11-21 00:00:00
Apple QuickTime - PICT PnSize Buffer Overflow (Metasploit)
2011-09-03 00:00:00
openvas
openvas
Apple QuickTime Multiple Buffer Overflow Vulnerabilities (Windows)
2011-08-18 00:00:00
Apple QuickTime Multiple Buffer Overflow Vulnerabilities - Windows
2011-08-18 00:00:00
nessus
nessus
QuickTime < 7.7 Multiple Vulnerabilities (Mac OS X)
2011-08-04 00:00:00
QuickTime < 7.7 Multiple Vulnerabilities (Windows)
2011-08-04 00:00:00

0.959 High

EPSS

Percentile

99.5%

JSON
Related for SAINT:F2757A9CDDEE99C0FB8D071F17962838
seebug3saint3cvelist1prion1metasploit1securityvulns2zdi1packetstorm2checkpoint_advisories1cve1exploitdb2openvas2nessus2