Lucene search
Luigi AuriemmaZDI-12-136HistoryAug 17, 2012 - 12:00 a.m.
Apple QuickTime Invalid Public Movie Atom Remote Code Execution Vulnerability
2012-08-1700:00:00
Luigi Auriemma
www.zerodayinitiative.com
17
EPSS
0.009
Percentile
83.2%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Appleβs QuickTime player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within how the application handles a malformed atom type when playing a movie encoded with uncompressed audio. When decoding the audio sample the application will use a 16-bit length for allocating a buffer, and a different one for initializing it. This can cause memory corruption which can lead to code execution under the context of the application.
References
Related
cve
cve
CVE-2011-3220
2011-10-14 10:55:08
nvd
nvd
CVE-2011-3220
2011-10-14 10:55:08
securityvulns
securityvulns
ZDI-12-136 : Apple QuickTime Invalid Public Movie Atom Remote Code Execution Vulnerability
2012-08-20 00:00:00
ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability
2011-10-31 00:00:00
Apple QuickTime multiple security vulnerabilities
2012-08-20 00:00:00
cvelist
cvelist
CVE-2011-3220
2011-10-14 10:00:00
prion
prion
Design/Logic Flaw
2011-10-14 10:55:00
seebug
seebug
Apple QuickTimeδΏ‘ζ―ζ³ι²ζΌζ΄
2011-10-28 00:00:00
zdi
zdi
Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability
2011-10-27 00:00:00
nessus
nessus
QuickTime < 7.7.1 Multiple Vulnerabilities
2011-10-27 00:00:00
QuickTime < 7.7.1 Multiple Vulnerabilities
2011-10-27 00:00:00
QuickTime < 7.7.1 Multiple Vulnerabilities (Windows)
2011-10-28 00:00:00
openvas
openvas
Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)
2011-11-03 00:00:00
Apple QuickTime Multiple Denial of Service Vulnerabilities - Windows
2011-11-03 00:00:00
Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)
2011-10-20 00:00:00