Lucene search
Tom GallagherMicrosoft & Paul BatesMicrosoftZDI-13-117HistoryJun 11, 2013 - 12:00 a.m.
Apple QuickTime H.263 Parsing Remote Code Execution Vulnerability
2013-06-1100:00:00
Tom GallagherMicrosoft & Paul BatesMicrosoft
www.zerodayinitiative.com
16
0.03 Low
EPSS
Percentile
90.9%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of H.263 data. The H.263 data is not properly validated which can result in writing past an intended buffer. By abusing this behavior an attacker can ensure this memory is under control and leverage the situation to achieve remote code execution under the context of the user currently logged in.
References
Related
cvelist
cvelist
CVE-2013-1016
2013-05-24 10:00:00
prion
prion
Buffer overflow
2013-05-24 16:43:00
nvd
nvd
CVE-2013-1016
2013-05-24 16:43:58
cve
cve
CVE-2013-1016
2013-05-24 16:43:58
kaspersky
kaspersky
KLA10017 Multiple vulnerabilities in Apple QuickTime
2013-05-22 00:00:00
nessus
nessus
QuickTime < 7.7.4 Multiple Vulnerabilities (Windows) (deprecated)
2013-05-23 00:00:00
QuickTime < 7.7.4 Multiple Vulnerabilities (Windows)
2013-05-28 00:00:00
QuickTime < 7.7.4 Multiple Vulnerabilities (Windows)
2013-05-23 00:00:00
securityvulns
securityvulns
Apple QuickTime multiple security vulnerabilities
2013-05-27 00:00:00
APPLE-SA-2013-05-22-1 QuickTime 7.7.4
2013-05-27 00:00:00
openvas
openvas
Apple QuickTime Multiple Vulnerabilities - June13 (Windows)
2013-06-07 00:00:00
Apple QuickTime Multiple Vulnerabilities (Jun 2013) - Windows
2013-06-07 00:00:00