Lucene search
HistoryJun 11, 2013 - 12:00 a.m.
Apple QuickTime TeXML textBox Element Parsing Remote Code Execution Vulnerability
0.084 Low
EPSS
Percentile
94.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Apple QuickTime handles textBox elements within a TeXML file. Specifically, the code within QuickTime.qts does not properly validate the coordinate values of the x and y attributes. By providing specially crafted coordinate values, the code can be made to write data ahead of a buffer, leading to memory corruption. This memory corruption could lead to remote code execution under that context of the current process.
References
Related
cve
cve
CVE-2013-1015
2013-05-24 16:43:58
prion
prion
Memory corruption
2013-05-24 16:43:00
nvd
nvd
CVE-2013-1015
2013-05-24 16:43:58
cvelist
cvelist
CVE-2013-1015
2013-05-24 10:00:00
checkpoint_advisories
checkpoint_advisories
Apple QuickTime TeXML textBox Element Memory Corruption (CVE-2013-1015)
2013-07-01 00:00:00
kaspersky
kaspersky
KLA10017 Multiple vulnerabilities in Apple QuickTime
2013-05-22 00:00:00
nessus
nessus
QuickTime < 7.7.4 Multiple Vulnerabilities (Windows) (deprecated)
2013-05-23 00:00:00
QuickTime < 7.7.4 Multiple Vulnerabilities (Windows)
2013-05-23 00:00:00
QuickTime < 7.7.4 Multiple Vulnerabilities (Windows)
2013-05-28 00:00:00
openvas
openvas
Apple QuickTime Multiple Vulnerabilities - June13 (Windows)
2013-06-07 00:00:00
Apple QuickTime Multiple Vulnerabilities (Jun 2013) - Windows
2013-06-07 00:00:00
securityvulns
securityvulns
Apple QuickTime multiple security vulnerabilities
2013-05-27 00:00:00
APPLE-SA-2013-05-22-1 QuickTime 7.7.4
2013-05-27 00:00:00