Lucene search
AnonymousZDI-10-255HistoryNov 10, 2010 - 12:00 a.m.
Apple QuickTime m1s Parsing Remote Code Execution Vulnerability
2010-11-1000:00:00
Anonymous
www.zerodayinitiative.com
10
0.062 Low
EPSS
Percentile
93.6%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the quicktime.qtx. When handling the m1s atom an integer value is used as an offset into a buffer. Minimal validation is done and an attacker can supply a negative value. This can be used to write to an arbitrary address in process memory. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.
Related
cvelist
cvelist
CVE-2010-3792
2010-11-16 21:00:00
cve
cve
CVE-2010-3792
2010-11-16 22:00:16
prion
prion
Integer overflow
2010-11-16 22:00:00
nvd
nvd
CVE-2010-3792
2010-11-16 22:00:16
nessus
nessus
QuickTime < 7.6.9 Multiple Vulnerabilities (Mac OS X)
2010-12-07 00:00:00
QuickTime < 7.6.9 Multiple Vulnerabilities
2010-12-07 00:00:00
QuickTime < 7.6.9 Multiple Vulnerabilities (Windows)
2010-12-07 00:00:00
securityvulns
securityvulns
About the security content of QuickTime 7.6.9
2010-12-12 00:00:00
Apple QuickTime multiple security vulnerabilities
2011-07-04 00:00:00
Apple Mac OS X and QuickTime multiple security vulnerabilities
2013-11-18 00:00:00
openvas
openvas
Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
2011-09-07 00:00:00
Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
2011-09-07 00:00:00