Lucene search
Tom Gallagher (Microsoft) & Paul Bates (Microsoft)ZDI-13-114HistoryJun 11, 2013 - 12:00 a.m.
Apple QuickTime MJPEG Frame stsd Atom Heap Overflow Remote Code Execution Vulnerability
2013-06-1100:00:00
Tom Gallagher (Microsoft) & Paul Bates (Microsoft)
www.zerodayinitiative.com
11
0.727 High
EPSS
Percentile
98.1%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing a mjpeg movie with an improper jpeg frame size via the stsd atom. When processing the movie, the size of the destination buffer for jpeg contents is specified separately from the JPEG size. This can lead to memory corruption that can be leveraged to achieve code execution under the context of the process.
References
Related
checkpoint_advisories
checkpoint_advisories
Apple Quicktime MJPEG Frame stsd Atom Heap Overflow - Ver2 (CVE-2013-1020)
2015-03-26 00:00:00
Apple QuickTime MJPEG Frame stsd Atom Heap Overflow (CVE-2013-1020)
2013-10-13 00:00:00
prion
prion
Memory corruption
2013-05-24 16:43:00
nvd
nvd
CVE-2013-1020
2013-05-24 16:43:58
cvelist
cvelist
CVE-2013-1020
2013-05-24 10:00:00
cve
cve
CVE-2013-1020
2013-05-24 16:43:58
kaspersky
kaspersky
KLA10017 Multiple vulnerabilities in Apple QuickTime
2013-05-22 00:00:00
nessus
nessus
QuickTime < 7.7.4 Multiple Vulnerabilities (Windows) (deprecated)
2013-05-23 00:00:00
QuickTime < 7.7.4 Multiple Vulnerabilities (Windows)
2013-05-23 00:00:00
QuickTime < 7.7.4 Multiple Vulnerabilities (Windows)
2013-05-28 00:00:00
openvas
openvas
Apple QuickTime Multiple Vulnerabilities - June13 (Windows)
2013-06-07 00:00:00
Apple QuickTime Multiple Vulnerabilities (Jun 2013) - Windows
2013-06-07 00:00:00
securityvulns
securityvulns
Apple QuickTime multiple security vulnerabilities
2013-05-27 00:00:00
APPLE-SA-2013-05-22-1 QuickTime 7.7.4
2013-05-27 00:00:00